General

  • Target

    768-315-0x0000000000400000-0x0000000000412000-memory.dmp

  • Size

    72KB

  • MD5

    c37681656d51b7901078ec4f17180378

  • SHA1

    283db65f27c6863b23cca98edd4ec52bc59c0aa1

  • SHA256

    5030f778c18c41c408b2e6563cda8141e294e14c209b9a31993e3786260ad7b7

  • SHA512

    44ad9b009e7b22243e705b992b9975bcec2b3dc8948141bcad41e4b2deb314251234596dbba53f5afe891df1f46855b798d2ffa52706281e525da7ec302b450d

  • SSDEEP

    768:LqdpXbXX0fIAkOicvHk3eHlWMPbPgF0q0O0iJNQVTHlgBYI6OCC2tYcFmVc6K:LtIAXvZH0ub4Frv0iJNQU6OnKmVcl

Score
10/10

Malware Config

Extracted

Family

asyncrat

Version

0.5.6A

C2

45.74.4.244:6606

45.74.4.244:7707

45.74.4.244:8808

Mutex

servtle284

Attributes
  • delay

    5

  • install

    true

  • install_file

    wintskl.exe

  • install_folder

    %AppData%

aes.plain

Signatures

  • Async RAT payload (1 IoC)
  • Asyncrat family

Files

  • 768-315-0x0000000000400000-0x0000000000412000-memory.dmp
    .exe windows x86

