General
-
Target
AgSimIP.exe_Signed.exe
-
Size
41KB
-
Sample
220703-vb6ebsbcc2
-
MD5
1775b893bff9ce8d732e934161db686f
-
SHA1
a5947658bdda27bab6de41c91d434b5c905b67fd
-
SHA256
cf396389d7d1923384a9abcea6e2c39aa0dc88ccb1fe779f1fb4df84d46b33d8
-
SHA512
e44e4f8a3d9af7fb57fe7352357b24f8ad2ddc637a1432887bcdbb8715b767783d95a204c96adace18798a53b562078b4c96800904c77e075ce93167bee7ef9a
Static task
static1
Behavioral task
behavioral1
Sample
AgSimIP.exe_Signed.exe
Resource
win7-20220414-en
Malware Config
Extracted
asyncrat
1.0.7
Default
193.149.3.239:1938
DcRatMutex_qwqdanchun
-
delay
1
-
install
false
-
install_file
Yılanoyunu.exe
-
install_folder
%AppData%
Targets
-
-
Target
AgSimIP.exe_Signed.exe
-
Size
41KB
-
MD5
1775b893bff9ce8d732e934161db686f
-
SHA1
a5947658bdda27bab6de41c91d434b5c905b67fd
-
SHA256
cf396389d7d1923384a9abcea6e2c39aa0dc88ccb1fe779f1fb4df84d46b33d8
-
SHA512
e44e4f8a3d9af7fb57fe7352357b24f8ad2ddc637a1432887bcdbb8715b767783d95a204c96adace18798a53b562078b4c96800904c77e075ce93167bee7ef9a
-
suricata: ET MALWARE Possible Windows executable sent when remote host claims to send html content
suricata: ET MALWARE Possible Windows executable sent when remote host claims to send html content
-
Async RAT payload
-
Downloads MZ/PE file
-
Drops startup file
-
Suspicious use of SetThreadContext
-