General
- Target: 6dc582c90bde0f7532e4503c39f0ca5a7fb7c269d9303636dd33eae0561b3df1
- Size: 195KB
- Sample: 230121-sakp5ada29
- MD5: dc345adb427ceb03c7ae434607efc21b
- SHA1: 29b6993b4673c1743eb895d7f1b507fa40ff6dc5
- SHA256: 6dc582c90bde0f7532e4503c39f0ca5a7fb7c269d9303636dd33eae0561b3df1
- SHA512: 1d9529a6b74462ffbdc9ac9ccba2178096877a67a9b1e71394a4f7e7380d24f4f6f2dc4dd69bb9ba91291bb83291be56b63d286fa1856faa489e109448b26527
- SSDEEP: 3072:cBN4X3cMtr+hLlB9S8v5eXHtQqJ58Q85I/2X0yL5YK+xWmiKaBjhVw/oPCal:Um1SLlTS8oX2qJA9X0yIWUaBQ/oPCa

Static task
- static1

Malware Config
Extracted
- asyncrat
- 1.0.7
- Default
- 95.216.52.21:8848
- ytojilhumccb
- delay: 1
- install: false
- install_folder: %AppData%

Targets
- Target: 6dc582c90bde0f7532e4503c39f0ca5a7fb7c269d9303636dd33eae0561b3df1
- Size: 195KB
- MD5: dc345adb427ceb03c7ae434607efc21b
- SHA1: 29b6993b4673c1743eb895d7f1b507fa40ff6dc5
- SHA256: 6dc582c90bde0f7532e4503c39f0ca5a7fb7c269d9303636dd33eae0561b3df1
- SHA512: 1d9529a6b74462ffbdc9ac9ccba2178096877a67a9b1e71394a4f7e7380d24f4f6f2dc4dd69bb9ba91291bb83291be56b63d286fa1856faa489e109448b26527
- SSDEEP: 3072:cBN4X3cMtr+hLlB9S8v5eXHtQqJ58Q85I/2X0yL5YK+xWmiKaBjhVw/oPCal:Um1SLlTS8oX2qJA9X0yIWUaBQ/oPCa

Signatures
- Async RAT payload
- Downloads MZ/PE file
- Executes dropped EXE
- Deletes itself
- Adds Run key to start application
- Legitimate hosting services abused for malware hosting/C2
- Suspicious use of SetThreadContext