General
Target: booking.jpg.bin
Size: 266KB
Sample: 220613-yr12bsadhm
MD5: b2b5da2e78b297ef26d53af784ccaf81
SHA1: d26490e3da6c5da661ff349824672fa93199eb81
SHA256: cd9ed05240e880b36ad0cdd5bda62cba3f4bea55e69d62282030674f7a4da815
SHA512: 1ae7d55ac49177c8ea6c9f2e814194c15271d22cc37501798e6460d78cc8d93b5b4513fcdb6e963a929fa6ebae8e2e3e45eb4de244d4fdb463030d2ca4b7776c
Static task: static1
Malware Config
Extracted
Family: asyncrat
| Edit 3LOSH RAT
$$$$
C2:
  cdtpitbull.hopto.org:7707
  cdtpitbull.hopto.org:4404
  cdtpitbull.hopto.org:5505
  cdtpitbull.hopto.org:3303
  cdtpitbull.hopto.org:2222
  chromedata.accesscam.org:7707
  chromedata.accesscam.org:4404
  chromedata.accesscam.org:5505
  chromedata.accesscam.org:3303
  chromedata.accesscam.org:2222
  datacontrol.ddns.net:7707
  datacontrol.ddns.net:4404
  datacontrol.ddns.net:5505
  datacontrol.ddns.net:3303
  datacontrol.ddns.net:2222
  cdt2023.ddns.net:7707
  cdt2023.ddns.net:4404
  cdt2023.ddns.net:5505
  cdt2023.ddns.net:3303
  cdt2023.ddns.net:2222
Mutex: AsyncMutex_6SI8OkPnk
delay: 3
install: false
install_file: DesbravadorUpdata.exe
install_folder: %AppData%
Targets
Target: booking.jpg.bin
Size: 266KB
MD5: b2b5da2e78b297ef26d53af784ccaf81
SHA1: d26490e3da6c5da661ff349824672fa93199eb81
SHA256: cd9ed05240e880b36ad0cdd5bda62cba3f4bea55e69d62282030674f7a4da815
SHA512: 1ae7d55ac49177c8ea6c9f2e814194c15271d22cc37501798e6460d78cc8d93b5b4513fcdb6e963a929fa6ebae8e2e3e45eb4de244d4fdb463030d2ca4b7776c
Async RAT payload
Suspicious use of SetThreadContext