General
Target: server1.bin
Size: 143KB
Sample: 220708-lw79zsdeg8
MD5: e52ddd261cbf8498daf41a433ca226f9
SHA1: 4ce315c5b0b71fbbed5f6fe71bcbd6dc0a122c74
SHA256: ef5f3901e4c087cb3eae06e643a0ce9c3b3beef59e799d72b05592b7471c8ecd
SHA512: 1a0053eb789e1de612bf4176019f1ed9c74551ffb5715ec0db54917deb82b6ba491733f5c924679a1f36f54cad356907f525be6ca64dca5064299ef475766b8c
Static task: static1
Behavioral task: behavioral1
Sample: server1.exe
Resource: win7-20220414-en
Behavioral task: behavioral2
Sample: server1.exe
Resource: win10v2004-20220414-en
Malware Config
Extracted
asyncrat
0.5.7B
Default
127.0.0.1:6606
127.0.0.1:7707
127.0.0.1:8808
venelix.duckdns.org:6606
venelix.duckdns.org:7707
venelix.duckdns.org:8808
192.168.1.5:6606
192.168.1.5:7707
192.168.1.5:8808
AsyncMutex_6SI8OkPnk
delay: 3
install: false
install_folder: %AppData%
Targets
Async RAT payload
Suspicious use of SetThreadContext