General

Target: e2bc473866d9e54637bd26ad66b848f4813e4432732eca093930ae78698d746c
Size: 804KB
Sample: 220630-wtej1afdem
MD5: ed99523b0359e4fa801d9f9431f55dd3
SHA1: e4e1f7aa9127bc3c2b98bf1d2f9dfb669fd65002
SHA256: e2bc473866d9e54637bd26ad66b848f4813e4432732eca093930ae78698d746c
SHA512: d32025ace988866d86bf6df6f7a29a5d5afd7896b627182438c86a1b880c1f4511c56547a30de7c76eb7cd365aefd7cd992603d33c4ffb366b2629bd26405eb9
Static task: static1

Behavioral task: behavioral1
Sample: e2bc473866d9e54637bd26ad66b848f4813e4432732eca093930ae78698d746c.exe
Resource: win7-20220414-en

Behavioral task: behavioral2
Sample: e2bc473866d9e54637bd26ad66b848f4813e4432732eca093930ae78698d746c.exe
Resource: win10v2004-20220414-en
Malware Config

Extracted family: asyncrat
Version: 0.5.7B
Botnet: Snowbot
C2:
  127.0.0.1:6606
  127.0.0.1:7707
  127.0.0.1:8808
  127.0.0.1:8888
  193.239.147.169:6606
  193.239.147.169:7707
  193.239.147.169:8808
  193.239.147.169:8888
Mutex: AsyncMutex_6SI8OkPnk
delay: 3
install: false
install_folder: %AppData%
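The C2 list above is the configured host list crossed with the configured port list (two hosts, four ports, eight endpoints), so the four 127.0.0.1 entries are loopback and can never be reached from a victim network; fed raw into a blocklist they are noise. The mutex and ports 6606/7707/8808 are also the stock values the public AsyncRAT builder ships with, so they identify the family rather than this operator; 193.239.147.169 and port 8888 are what is specific here. The Python below, added as a worked example and not part of the sandbox report, normalises the extracted config into that split and then sweeps a connection log for contact with the C2. The builder-default constants are taken from the public AsyncRAT source (an assumption, stated in the code), and the log format and log records are constructed for the example.

```python
"""Normalise the AsyncRAT config extracted above into usable indicators
and sweep a connection log for them.  Added example, not part of the
sandbox report.  Config values are copied from the report; the log lines
are constructed; the builder-default constants are an assumption taken
from the public AsyncRAT source, not a finding of this report."""
import ipaddress
import json

# Config fields exactly as the report extracted them.
EXTRACTED_CONFIG = {
    "family": "asyncrat",
    "version": "0.5.7B",
    "botnet": "Snowbot",
    "c2": [
        "127.0.0.1:6606", "127.0.0.1:7707", "127.0.0.1:8808", "127.0.0.1:8888",
        "193.239.147.169:6606", "193.239.147.169:7707",
        "193.239.147.169:8808", "193.239.147.169:8888",
    ],
    "mutex": "AsyncMutex_6SI8OkPnk",
    "delay": 3,
    "install": False,
    "install_folder": "%AppData%",
}

# Values the stock AsyncRAT builder ships with (assumption from the public
# source).  Matching them marks an indicator as family-level rather than
# campaign-specific, which matters when deciding what to block on.
ASYNCRAT_DEFAULT_MUTEX = "AsyncMutex_6SI8OkPnk"
ASYNCRAT_DEFAULT_PORTS = {6606, 7707, 8808}


def split_endpoint(endpoint):
    """'host:port' -> (host, int port); split at the last ':' only."""
    host, _, port = endpoint.rpartition(":")
    return host, int(port)


def is_routable(host):
    """False for loopback/private/reserved IPs; hostnames are kept as-is."""
    try:
        return ipaddress.ip_address(host).is_global
    except ValueError:
        return True


def build_indicators(cfg):
    """Collapse the host x port cross product into deduplicated IOCs,
    dropping endpoints that can never be reached from a victim network."""
    hosts, ports, dropped = set(), set(), []
    for endpoint in cfg["c2"]:
        host, port = split_endpoint(endpoint)
        ports.add(port)
        if is_routable(host):
            hosts.add(host)
        else:
            dropped.append(endpoint)
    return {
        "family": cfg["family"],
        "campaign": cfg["botnet"],
        "c2_hosts": sorted(hosts),
        "c2_ports": sorted(ports),
        "nondefault_ports": sorted(ports - ASYNCRAT_DEFAULT_PORTS),
        "mutex": cfg["mutex"],
        "mutex_is_builder_default": cfg["mutex"] == ASYNCRAT_DEFAULT_MUTEX,
        "dropped_endpoints": dropped,
    }


# Constructed connection records: "timestamp src_ip dst_ip dst_port".
# Non-C2 destinations use RFC 5737 documentation addresses.
SAMPLE_CONN_LOG = """\
2022-06-30T12:00:01Z 10.0.0.5 198.51.100.23 443
2022-06-30T12:00:04Z 10.0.0.5 193.239.147.169 8888
2022-06-30T12:00:09Z 10.0.0.7 193.239.147.169 443
2022-06-30T12:00:12Z 10.0.0.9 203.0.113.10 6606
"""


def sweep_conn_log(log_text, indicators):
    """Return (src, dst, port, confidence) for each record that touches a
    C2 host.  Host+port is 'high'; the host on an unexpected port is
    'medium' (operators rotate ports, the IP is the stronger signal).
    A default port alone on an unrelated host is deliberately not a hit."""
    hosts = set(indicators["c2_hosts"])
    ports = set(indicators["c2_ports"])
    hits = []
    for line in log_text.splitlines():
        if not line.strip():
            continue
        _ts, src, dst, port = line.split()
        if dst in hosts:
            confidence = "high" if int(port) in ports else "medium"
            hits.append((src, dst, int(port), confidence))
    return hits


if __name__ == "__main__":
    iocs = build_indicators(EXTRACTED_CONFIG)
    print(json.dumps(iocs, indent=2))
    for hit in sweep_conn_log(SAMPLE_CONN_LOG, iocs):
        print("C2 contact:", hit)
```

Running it yields one routable C2 host, 8888 as the only non-default port, a mutex flagged as the builder default, and two log hits: the 8888 connection at high confidence and the port 443 connection to the same IP at medium. The record to 203.0.113.10:6606 is not a hit even though 6606 is in the config; matching on a stock AsyncRAT port alone would fire on every default-configured sample and plenty of benign traffic.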
Targets

Target: e2bc473866d9e54637bd26ad66b848f4813e4432732eca093930ae78698d746c
Score: 10/10

Signatures:
- Modifies WinLogon for persistence
- Async RAT payload
- Drops startup file
- Adds Run key to start application
- Suspicious use of SetThreadContext

Note on the signatures: the extracted config has install=false, meaning the AsyncRAT client itself was not configured to self-install, yet the sandbox observed three separate persistence mechanisms plus SetThreadContext use. Read together (an inference from the signatures, not something the report states), that points to an outer loader stage that establishes persistence and injects the RAT payload into another process, rather than to AsyncRAT's own installer.