General
Target: 400000.aspnet_compiler.exe
Size: 16KB
Sample: 220121-wdkq3saec4
MD5: 32bf4fceb11adfca17e890e3f117e43f
SHA1: cd11a0fdaecd7b21c8cc59344567d27119e472f4
SHA256: 7c8bcb59b2b0ebdc9781801d02516c8276e488de263d0da0320184b5a9d65133
SHA512: 8c45ebfef0e3e2ca75516201c06e8473a5934a4e7e957f7502911f12c7ace5a6869905ddf995a62fdd62552b512558a6a9a505f804797b5aad367157b15cd9e8
Static task
static1
Behavioral task
behavioral1
Sample
400000.aspnet_compiler.exe
Resource
win7-en-20211208
Malware Config
Extracted
asyncrat
0.5.7B
Default
AsyncMutex_6SI8OkPnk
anti_vm: false
bsod: false
delay: 3
install: false
install_file: Adobe.exe
install_folder: %AppData%
pastebin_config: null
Targets
Target: 400000.aspnet_compiler.exe
Async RAT payload
Blocklisted process makes network request
Suspicious use of SetThreadContext