General
- Target: update_py-final-stage.exe
- Size: 486KB
- Sample: 220121-rhvdvshhhm
- MD5: 42aea50814ad0d8edce593ca559d142c
- SHA1: 28af69152d3eac34d9dc8fec0a1ceb2c63de429a
- SHA256: 9f4d88e9eeae7ffc241646d0233acb29bedbc9bc0c124b949567a894f8af6f54
- SHA512: 7b8a19fd7de8c4ea639a448fa736d718fd8f10fc78ae73de6c260ea665410d50275791b1c30b219ae5ddfd3d66746eb1bdd15c55e41016707859db540e60d4c0
Static task
- static1
Behavioral task
- behavioral1: Sample update_py-final-stage.exe, Resource win7-en-20211208
Behavioral task
- behavioral2: Sample update_py-final-stage.exe, Resource win10-en-20211208
Malware Config
Extracted: asyncrat
- v0.2
- niceone20.cn:7201
- fjuj84hgoa84gn.xyz:7201
- getupdated2021win2k.cn:7201
- afgj6j3umd5uk
- anti_vm: false
- bsod: false
- delay: 0
- install: false
- install_folder: %AppData%
Targets
- Target: update_py-final-stage.exe (486KB; MD5, SHA1, SHA256 and SHA512 as listed under General)
Score: 10/10
- suricata: ET MALWARE Observed Malicious SSL Cert (AsyncRAT Server)
- Async RAT payload
- Blocklisted process makes network request
- Modifies Windows Firewall
- Accesses Microsoft Outlook profiles
- Looks up external IP address via web service: uses a legitimate IP lookup service to find the infected system's external IP.
- Suspicious use of SetThreadContext