General
-
Target
5168-375-0x0000000000400000-0x0000000000412000-memory.dmp
-
Size
72KB
-
MD5
240b38153ea91fd0ccae8bee87fd593c
-
SHA1
68c1325f5943f87df19d7458384aee4fb7808b45
-
SHA256
2b52bd7382922b79ba36203396e76e8d83f3ba6fe89516f4da91c01283670b05
-
SHA512
8651a7f3b8e4cbac84ed5e04ec5076a20c8f78326d450f46affe8f02e85a65bc1d99bc1fd31081366279d7ee60910569c104e9acc26fde7d5663c1bf745d583e
-
SSDEEP
1536:Muus1TFcW2yCpCPITbuaN/+Ht8DmV4WNdyZ:Muu4TFcW2yCsPITbu6eSq4Z
Score
10/10
Malware Config
Extracted
Family
asyncrat
Version
0.5.7B
Botnet
SecurityHealthServi
C2
20.8.122.174:31682
Mutex
SecurityHealthServi
Attributes
-
delay
3
-
install
false
-
install_file
SecurityHealthService
-
install_folder
%AppData%
aes.plain
Signatures
-
Async RAT payload 1 IoCs
-
Asyncrat family
Files
-
5168-375-0x0000000000400000-0x0000000000412000-memory.dmp
Headers
Sections