General
  Target: 70640074D3FDAE9D73D37DB169C4E2FB.exe
  Size: 38KB
  Sample: 220128-1jtndsefe3
  MD5: 70640074d3fdae9d73d37db169c4e2fb
  SHA1: 4a05baf2027180366471de77bfe26b9e53917f7e
  SHA256: 67741e596f4d59713a232bfb45d6cb0b2592f67b867773f72c2bb0fa2f749685
  SHA512: a50db1617e4d09a8e610fdffda759a6c6c4d71ea6c671bef68ddc302af855b18235eabbd75590af39986c031b895d66bc591b7369edd83252b51015a986d4939
Static task: static1

Behavioral task: behavioral1
  Sample: 70640074D3FDAE9D73D37DB169C4E2FB.exe
  Resource: win7-en-20211208

Behavioral task: behavioral2
  Sample: 70640074D3FDAE9D73D37DB169C4E2FB.exe
  Resource: win10-en-20211208
Malware Config
  Extracted
    Family: asyncrat
    Version: 0.5.7B
    Botnet: Default
    C2: 20.83.245.27:1604
    Mutex: AsyncMutex_6SI8OkPnk
    anti_vm: false
    bsod: false
    delay: 3
    install: false
    install_folder: %AppData%
    pastebin_config: null
Targets
  Target: 70640074D3FDAE9D73D37DB169C4E2FB.exe (size and hashes as listed under General above)
  - Async RAT payload
  - Downloads MZ/PE file
  - Executes dropped EXE
  - Loads dropped DLL
  - Accesses cryptocurrency files/wallets, possible credential harvesting
  - Looks up external IP address via web service: uses a legitimate IP lookup service to find the infected system's external IP.