General
Target: 1312912d725d45bcd1b63922ec9a84abca7a8c9c669c13efbd03472c764be056
Size: 893KB
Sample: 220130-awe3nacacn
MD5: d583e877ac023f1402ee532c2b7c8469
SHA1: 25047e0dc9988e1abe7a16e6365e9669401cb7d1
SHA256: 1312912d725d45bcd1b63922ec9a84abca7a8c9c669c13efbd03472c764be056
SHA512: 014b348eccbcefeaab4d9b7d315ec311c6103294a70e7546700eac68aa6b8d2fb8b06b5c75cd1c7266f4aa22f8ad4d5c2aaa5537bb9011139462ce92e6beb546
Static task: static1
Behavioral task: behavioral1
  Sample: 1312912d725d45bcd1b63922ec9a84abca7a8c9c669c13efbd03472c764be056.exe
  Resource: win7-en-20211208
Behavioral task: behavioral2
  Sample: 1312912d725d45bcd1b63922ec9a84abca7a8c9c669c13efbd03472c764be056.exe
  Resource: win10-en-20211208
Malware Config
Extracted family: asyncrat
Version: 0.5.7B
Botnet: Default
C2 endpoints:
  genjustu.hopto.org:6606
  genjustu.hopto.org:7707
  genjustu.hopto.org:8808
  45.35.158.173:6606
  45.35.158.173:7707
  45.35.158.173:8808
Mutex: AsyncMutex_6SI8OkPnk
anti_vm: false
bsod: false
delay: 3
install: false
install_folder: %AppData%
pastebin_config: null
Targets
Target: 1312912d725d45bcd1b63922ec9a84abca7a8c9c669c13efbd03472c764be056
Score: 10/10
Signatures:
- Modifies WinLogon for persistence
- Async RAT payload
- Drops startup file
- Adds Run key to start application
- Suspicious use of NtSetInformationThreadHideFromDebugger
- Suspicious use of SetThreadContext