General
Target: 5E4BBF19A6E055CC6C2C98EF38288F3465C30E25542B7.exe
Size: 486KB
Sample: 220124-ycdmgshdh8
MD5: 32cc876191795965e3d5f80cfa90ab3d
SHA1: 91eb8879cc44f8361454eb89756fc902e73c3cb1
SHA256: 5e4bbf19a6e055cc6c2c98ef38288f3465c30e25542b735fbfca921fdb8b95f9
SHA512: e5f369587c4980bd7aa8590921743f8894777883fec485b2cb726c905d21cf9f4639a2498f2d57520c4eb771b032f4c6882b3679a1af1ce5fd0dacd6c42edb82
Static task: static1
Behavioral task: behavioral1
Sample: 5E4BBF19A6E055CC6C2C98EF38288F3465C30E25542B7.exe
Resource: win7-en-20211208
Malware Config
Extracted: asyncrat v0.2
dhciaicjzis.xyz:1703
aisviua77s.xyz:1703
sakivivjasiv8cozo3.cn:1703
asidivuvuas8rnvns73.xyz:1703
dsijfiudsfiashvu7ds43.xyz:1703
afgj6j3umd5uk
anti_vm: false
bsod: false
delay: 0
install: false
install_folder: %AppData%
Targets
Target: 5E4BBF19A6E055CC6C2C98EF38288F3465C30E25542B7.exe
Async RAT payload
Modifies Windows Firewall
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.
Suspicious use of SetThreadContext