Behavioral task
behavioral1
Sample
1096-57-0x00000000003B0000-0x00000000003C2000-memory.exe
Resource
win7-20220812-en
General
Target: 1096-57-0x00000000003B0000-0x00000000003C2000-memory.dmp
Size: 72KB
MD5: 04ffd19d0f37dbfb88183ed3a2be3e16
SHA1: 55fc97fab3e9bb8028d0f488bfce17b9516c503f
SHA256: 90636b07f3e1ba7875174defe0e106aa1aa873960e3380e9cc9a5f0325bf13b6
SHA512: c40645de659bde18d34c336251eea7229c49d569cc7127691f188a4efb0e8fe2e10b84d0a45c4f24982cf732cb34ca2c3742d07af2d9b1d61ba7bf359f031ef4
SSDEEP: 768:QoBLMxx0Fs4G7WHNaIx2FAhQ7CbEjbegr3iS/dbR8kClZN2tYcFmVc6K:QoBLMxmy2hfEbhrSS1bRorNKmVcl
Malware Config
Extracted
asyncrat
0.5.6D
Default
milla.publicvm.com:6606
milla.publicvm.com:7707
milla.publicvm.com:8808
urulyqqdpunjfhquxdy
delay: 8
install: true
install_file: folders.exe
install_folder: %AppData%
Signatures
Files
1096-57-0x00000000003B0000-0x00000000003C2000-memory.dmp.exe windows x86
f34d5f2d4577ed6d9ceec516c1f5a744
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
Imports
mscoree
_CorExeMain
Sections
.text Size: 42KB - Virtual size: 41KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rsrc Size: 4KB - Virtual size: 3KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 512B - Virtual size: 12B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ