General
Target: T00WKSAU002DHSRQW_002.exe
Size: 300.0MB
Sample: 221014-v9y3xadhgk
MD5: 707a86802d4275cda27b6e989b691e0a
SHA1: 5eb007b7e7f3ac28363329904493e443a15cdabf
SHA256: 0a8e413babd867a1bdbbdba1e7c56643c9e13d5d26a6d803c7846f2af201936c
SHA512: 511a407bedd29e7b69d03a031d16a1f0d46e2ce789065bfc427ef296e3c090d2cf2d5d1757533b5c70d3935f2baf1686b1618df11548f1ea7478d8ede88edb60
SSDEEP: 3072:rvOIfhz+4a0+9bdRvixoww6r50iis79KfTYVY:hA10+9HvQ15Fjod
Static task: static1
Behavioral task: behavioral1
Sample: T00WKSAU002DHSRQW_002.exe
Resource: win7-20220812-en
Malware Config
Extracted
asyncrat
0.5.7B
Default
thoe409.duckdns.org:6739
thoe409.duckdns.org:7301
thoe409.duckdns.org:7808
thoe409.duckdns.org:8333
thoe409.duckdns.org:6112
thoe409.duckdns.org:7553
thoe409.duckdns.org:6443
AsyncMutex_6SI8OkPnk
delay: 3
install: false
install_folder: %AppData%
Targets
Target: T00WKSAU002DHSRQW_002.exe
Async RAT payload
Executes dropped EXE
Suspicious use of SetThreadContext