General
Target: af1e6b53fc3e4679bedd29c25e057b10.exe
Size: 3.9MB
Sample: 220122-r757nabhcm
MD5: af1e6b53fc3e4679bedd29c25e057b10
SHA1: f5a82edb61a2a0c896406b4cc48c9d1bd5bb082e
SHA256: bada7e61229d4c6bba936e8b163034b3421680c1f4ebbc69160fc96fc5bdb8ca
SHA512: 009298300cb8e631c2d28f34268900d8015fe8bbd2e7c21f5eda320a76debea6057a8207d5b30c193f6a182064c4bafeca98ec502a713de70969040191fdedc6
Static task: static1
Behavioral task: behavioral1
  Sample: af1e6b53fc3e4679bedd29c25e057b10.exe
  Resource: win7-en-20211208
Behavioral task: behavioral2
  Sample: af1e6b53fc3e4679bedd29c25e057b10.exe
  Resource: win10-en-20211208
Malware Config
Extracted: asyncrat
Version: 0.5.6B
C2: s1995.ddns.net:5000
umgxmwaynloootia
anti_vm: false
bsod: false
delay: 5
install: true
install_file: zwindows.exe
install_folder: %AppData%
pastebin_config: null
Targets
Target: af1e6b53fc3e4679bedd29c25e057b10.exe
Size: 3.9MB
MD5: af1e6b53fc3e4679bedd29c25e057b10
SHA1: f5a82edb61a2a0c896406b4cc48c9d1bd5bb082e
SHA256: bada7e61229d4c6bba936e8b163034b3421680c1f4ebbc69160fc96fc5bdb8ca
SHA512: 009298300cb8e631c2d28f34268900d8015fe8bbd2e7c21f5eda320a76debea6057a8207d5b30c193f6a182064c4bafeca98ec502a713de70969040191fdedc6
Score: 10/10
Signatures:
- suricata: ET MALWARE Observed Malicious SSL Cert (AsyncRAT Server)
- suricata: ET MALWARE Terse alphanumeric executable downloader high likelihood of being hostile
- Async RAT payload
- Downloads MZ/PE file
- Executes dropped EXE
- Loads dropped DLL
- Adds Run key to start application
- Legitimate hosting services abused for malware hosting/C2
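The extracted config and the behavioral signatures together say where this client installs itself (install_file zwindows.exe under %AppData%, started via a Run key) and where it calls home (s1995.ddns.net:5000, the host the AsyncRAT Server SSL-cert alert fired on). The block below is an added example, not code from the sandbox report or from AsyncRAT, that turns those fields into host and network checks a responder can run over exported Run-key values and flow/DNS logs. The registry entries and the "key=value" log lines it processes are constructed for the demonstration; the victim profile path C:\Users\victim, the log field names (query, dst_host, dst_port) and all function names are assumptions.

```python
"""Host and network checks derived from the AsyncRAT config above.

Added example, not code from the sandbox report or from AsyncRAT itself.
The registry entries and log lines below are constructed for the demo; the
'key=value' log format and the victim profile path are assumptions.
"""
from typing import Dict, Iterable, List, Tuple

# Copied from the extracted config in the report.
CONFIG: Dict[str, object] = {
    "c2": "s1995.ddns.net:5000",
    "install": True,
    "install_file": "zwindows.exe",
    "install_folder": "%AppData%",
}


def c2_endpoint(cfg: Dict[str, object] = CONFIG) -> Tuple[str, int]:
    """Split the 'host:port' C2 string into a normalised (host, port) pair."""
    host, _, port = str(cfg["c2"]).rpartition(":")
    return host.lower().rstrip("."), int(port)


def expected_install_path(cfg: Dict[str, object] = CONFIG,
                          appdata: str = r"C:\Users\victim\AppData\Roaming") -> str:
    """Resolve the install path for one user. %AppData% is the per-user
    Roaming folder on Windows; the profile path is an assumed sample value."""
    folder = str(cfg["install_folder"]).replace("%AppData%", appdata)
    return folder.rstrip("\\") + "\\" + str(cfg["install_file"])


def _exe_from_command(command: str) -> str:
    """Return the executable part of a Run-key command, handling quoted paths."""
    command = command.strip()
    if command.startswith('"'):
        end = command.find('"', 1)
        return command[1:end] if end > 0 else command[1:]
    return command.split(" ", 1)[0]


def check_run_values(run_values: Iterable[Tuple[str, str, str]],
                     cfg: Dict[str, object] = CONFIG) -> List[Tuple[str, str, str]]:
    """Flag Run-key values whose executable basename is the configured install
    file, case-insensitively. run_values are (key, value_name, command) triples
    as exported from HKCU\\Software\\Microsoft\\Windows\\CurrentVersion\\Run."""
    target = str(cfg["install_file"]).lower()
    hits = []
    for key, name, command in run_values:
        exe = _exe_from_command(command).replace("/", "\\")
        if exe.rsplit("\\", 1)[-1].lower() == target:
            hits.append((key, name, command))
    return hits


def check_network(lines: Iterable[str], cfg: Dict[str, object] = CONFIG) -> List[str]:
    """Flag DNS queries for the C2 host and connections to it. The host name is
    matched on any port: the DDNS name is the durable indicator, while the port
    is operator-chosen and cheap to change."""
    host, _port = c2_endpoint(cfg)
    hits = []
    for line in lines:
        fields = dict(kv.split("=", 1) for kv in line.split() if "=" in kv)
        seen = fields.get("query") or fields.get("dst_host") or ""
        if seen.lower().rstrip(".") == host:
            hits.append(line)
    return hits


# Constructed sample data, shaped like a Run-key export and a flow/DNS log.
SAMPLE_RUN_VALUES = [
    (r"HKCU\Software\Microsoft\Windows\CurrentVersion\Run", "OneDrive",
     r'"C:\Users\victim\AppData\Local\Microsoft\OneDrive\OneDrive.exe" /background'),
    (r"HKCU\Software\Microsoft\Windows\CurrentVersion\Run", "zwindows",
     r'"C:\Users\victim\AppData\Roaming\zwindows.exe"'),
]
SAMPLE_NET_LOG = [
    "ts=1642867000 type=dns query=update.microsoft.com",
    "ts=1642867005 type=dns query=s1995.ddns.net",
    "ts=1642867006 type=conn dst_host=s1995.ddns.net dst_port=5000 proto=tcp",
    "ts=1642867010 type=conn dst_host=s1995.ddns.net dst_port=443 proto=tcp",
]

if __name__ == "__main__":
    print("C2:", c2_endpoint())
    print("Expected drop path:", expected_install_path())
    for hit in check_run_values(SAMPLE_RUN_VALUES):
        print("Run-key hit:", hit)
    for line in check_network(SAMPLE_NET_LOG):
        print("Network hit:", line)
```

The Run-key check matches on the basename of the dropped file rather than the full path because %AppData% resolves differently for every user profile; the network check deliberately ignores the port for the same reason, so a connection to the DDNS host on 443 in the sample log is still reported.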