General
Target: draft HBL.r15
Size: 310KB
Sample: 220121-k568lseegl
MD5: 8b2d718618a864063147efe3c578517b
SHA1: 3ad0f32a8c0f4783da57a9dc7a26f1aa008bcf6c
SHA256: 37a22f44c4ea8be54b701bd5db1c18d13138730bd65508407ab58126a83a19c7
SHA512: fe80f3ced498892380524beb769345062ede0e57862d95c82c7fd4d9bf6d0d68ac66c68dd768261ce78a5bb76909731bf0e072918600ae7b73907e33376d191d
Static task: static1
Behavioral task: behavioral1 (sample: draft HBL.exe, resource: win7-en-20211208)
Behavioral task: behavioral2 (sample: draft HBL.exe, resource: win10v2004-en-20220113)
Malware Config
Extracted family: asyncrat
Version: 0.5.7B
Botnet: Default
C2: 45.137.22.60:00783
Mutex: AsyncMutex_6SI8OkPnk
Attributes:
anti_vm: false
bsod: false
delay: 3
install: false
install_folder: %AppData%
pastebin_config: null
Targets
Target: draft HBL.exe
Size: 344KB
MD5: 9497d8081b4811bbbbd330fd2f620fdc
SHA1: cd43410827dd6648625225499881f6b9a7c871cd
SHA256: 18be387adc69a0a431483d4854c0f55011bc3b93b743f81f4352921f0bcc20e9
SHA512: 5e85413f6d84c7c4c8dc2374f8b14e2ccbb4d65457f455144827477d7528c36589feee61e828bb7ca83d0d035b9672334cfc16c1fd9f9c298adb54b0641a6362
Score: 10/10
Signatures:
suricata: ET MALWARE Observed Malicious SSL Cert (AsyncRAT Server)
suricata: ET MALWARE Observed Malicious SSL Cert (AsyncRAT Server)
Async RAT payload
Sets service image path in registry
Suspicious use of SetThreadContext
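The report above gives three things a responder can pivot on immediately: the payload hashes, the C2 endpoint from the extracted config, and the mutex name. The following script is an added example (not part of the sandbox report and not AsyncRAT code) that turns them into checks: it hashes a local file and compares it against the report's digests, parses the C2 string (the port appears as "00783" in the extracted config and is read here as decimal 783, since AsyncRAT stores the port as text), scans connection-log lines for that destination, and looks for the mutex among named objects. The hashes, C2 string and mutex are copied from the report; the `dst=IP:PORT` log format, the sample log lines and the mutex list are constructed for the example. The mutex value is also the default in AsyncRAT's public source, so a rule keyed on it catches unmodified builds but will miss operators who changed it.

```python
"""IOC checks built from the sandbox report above.

Added example, not part of the original report and not AsyncRAT code. Hashes,
C2 string and mutex name are copied from the report; file contents, the
connection-log format (dst=IP:PORT) and the mutex names fed to the checks are
constructed test data.
"""
import hashlib
import re
from typing import Dict, List, Tuple

# Copied from the report: digests of the behavioral target "draft HBL.exe".
REPORT_HASHES: Dict[str, str] = {
    "md5": "9497d8081b4811bbbbd330fd2f620fdc",
    "sha1": "cd43410827dd6648625225499881f6b9a7c871cd",
    "sha256": "18be387adc69a0a431483d4854c0f55011bc3b93b743f81f4352921f0bcc20e9",
    "sha512": "5e85413f6d84c7c4c8dc2374f8b14e2ccbb4d65457f455144827477d7528c36589feee61e828bb7ca83d0d035b9672334cfc16c1fd9f9c298adb54b0641a6362",
}
# Copied from the extracted config.
C2_RAW = "45.137.22.60:00783"
MUTEX = "AsyncMutex_6SI8OkPnk"  # also the default MTX value in AsyncRAT's public source

# Constructed connection-log lines (not from the sandbox run); format is an assumption.
SAMPLE_LOG: List[str] = [
    "2022-01-21T10:01:02Z proto=tcp src=10.0.0.5:51234 dst=45.137.22.60:783 action=allow",
    "2022-01-21T10:01:05Z proto=tcp src=10.0.0.5:51235 dst=45.137.22.60:443 action=allow",
    "2022-01-21T10:02:00Z proto=tcp src=10.0.0.7:51300 dst=93.184.216.34:443 action=allow",
]


def hash_bytes(data: bytes) -> Dict[str, str]:
    """Compute the four digests the report lists so a local file can be compared."""
    return {algo: hashlib.new(algo, data).hexdigest() for algo in REPORT_HASHES}


def match_hashes(digests: Dict[str, str]) -> List[str]:
    """Return the algorithms for which the supplied digests equal the report's (case-insensitive)."""
    return [algo for algo, ref in REPORT_HASHES.items()
            if digests.get(algo, "").lower() == ref]


def matches_report(data: bytes) -> List[str]:
    """Hash raw file content and report which of the listed digests it matches."""
    return match_hashes(hash_bytes(data))


def parse_c2(raw: str) -> Tuple[str, int]:
    """Split the config's host:port string and normalise the port.

    The config stores the port as text; "00783" is read as decimal 783. Anything
    that is not a dotted-quad host with an in-range port is rejected.
    """
    host, sep, port = raw.rpartition(":")
    if not sep or not re.fullmatch(r"(?:\d{1,3}\.){3}\d{1,3}", host) or not port.isdigit():
        raise ValueError(f"unexpected C2 format: {raw!r}")
    port_num = int(port, 10)
    if not 0 < port_num < 65536:
        raise ValueError(f"port out of range: {raw!r}")
    return host, port_num


def find_c2_connections(log_lines: List[str], raw_c2: str = C2_RAW) -> List[str]:
    """Return log lines whose destination is the C2, comparing the port numerically."""
    host, port = parse_c2(raw_c2)
    dst = re.compile(r"dst=(\d{1,3}(?:\.\d{1,3}){3}):(\d+)")
    hits = []
    for line in log_lines:
        m = dst.search(line)
        if m and m.group(1) == host and int(m.group(2), 10) == port:
            hits.append(line)
    return hits


def find_mutex(names: List[str]) -> List[str]:
    """Return object names whose final path component is the report's mutex,
    regardless of the \\Sessions\\N\\BaseNamedObjects\\ or Local\\ prefix."""
    return [n for n in names if n.rsplit("\\", 1)[-1] == MUTEX]


if __name__ == "__main__":
    print(parse_c2(C2_RAW))
    print(find_c2_connections(SAMPLE_LOG))
    print(find_mutex([r"\Sessions\1\BaseNamedObjects\AsyncMutex_6SI8OkPnk",
                      r"\BaseNamedObjects\Local\SomethingElse"]))
    print(matches_report(b"constructed bytes, not the sample"))
```

Run it against a real file with `matches_report(open(path, "rb").read())`; the hash check is only useful for this exact build, while the mutex and C2 checks survive repacking of the same configuration.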