Behavioral task: behavioral1
Sample: 836-76-0x0000000000210000-0x00000000007CF000-memory.exe
Resource: win7-20220901-en
Behavioral task: behavioral2
Sample: 836-76-0x0000000000210000-0x00000000007CF000-memory.exe
Resource: win10v2004-20220812-en
General
Target: 836-76-0x0000000000210000-0x00000000007CF000-memory.dmp
Size: 5.7MB
MD5: 88a0b0885fd83b57c940feace51b5a24
SHA1: 950d26d3a3df15afce2b887ab3ed6bd310f3bdb0
SHA256: ceb0d4b74a97f81e77ea1b5fc254932777bb69c64918911d9d8eb4b50c447129
SHA512: ab70d5003c29acafc1ff0e4bb1795e547bcb59615d98606c55261453358a732aa4fe47260fd043a7b940152b3ed1567ceef039ed98f9755d7a2a28be69585e1f
SSDEEP: 768:euS/NTdxr7xWUpHm7mo2qLcozCXCKPI0djbOgX3iPlc5l2wrBDZMx:euS/NTdtW2+901bxXSPlc5H9dMx
Malware Config
Extracted
asyncrat
0.5.7B
Default
product62.duckdns.org:1905
goodygoody.duckdns.org:1905
AsyncMutex_6SI8OkPnk
delay: 3
install: false
install_file: Windows updater.exe
install_folder: %AppData%
Signatures
Files
836-76-0x0000000000210000-0x00000000007CF000-memory.dmp.exe windows x86
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
Sections
.text Size: 42KB - Virtual size: 41KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rsrc Size: 2KB - Virtual size: 1KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 512B - Virtual size: 12B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ