General
-
Target
SecuriteInfo.com.Trojan.Mardom.MN.24.2388.366.exe
-
Size
379KB
-
Sample
220919-n7fp8afgh4
-
MD5
011558167163f6d90c9a2db9d3483c38
-
SHA1
6f93f666f2c8b83db55e4f543fbd30c696e38be3
-
SHA256
0c02d6eef179e83089cce5444a5904397d9a3035155c5b4269af6749e4e039b7
-
SHA512
4f87791636dbd48b2713d1cb71435a8aa4c7bfbfcc20a404c2c4efa99c76fe9be2e41e4da1163e1664c813a5ef7c4651b9ef6d19332ca3713be9f1f4f1aeaeb9
-
SSDEEP
6144:RLZwe13u0ca2SFJjzhqvKy8UyiFXMgRPqj:RNwe9rJB6KWysXQj
Static task
static1
Behavioral task
behavioral1
Sample
SecuriteInfo.com.Trojan.Mardom.MN.24.2388.366.exe
Resource
win7-20220812-en
Malware Config
Extracted
asyncrat
1.0.7
Default
iphanyi.edns.biz:3369
Mtex_qwqdanchun
-
delay
1
-
install
true
-
install_file
windowss.exe
-
install_folder
%AppData%
Targets
-
-
Target
SecuriteInfo.com.Trojan.Mardom.MN.24.2388.366.exe
-
Async RAT payload
-
Adds Run key to start application
-
Suspicious use of SetThreadContext
-