Behavioral task
behavioral1
Sample: 1832-70-0x0000000000330000-0x0000000000342000-memory.exe
Resource: win7-20221111-en
General
Target: 1832-70-0x0000000000330000-0x0000000000342000-memory.dmp
Size: 72KB
MD5: 6ee423085a2d24d3978d682a4f1760b3
SHA1: f828d89e5991660968dfb143aba79544a22cac91
SHA256: 1a0fb6b8d6fb6bd2cfd86fa5a3467de345484a3a19a9591fbf5153943165afc3
SHA512: f725a463bfa24192df8837b2abce533d40362f74e5d3e5c00df042396c9c37fde33efd26e6357147b5ae049b6a33a8f10f35d2cb728db1c92c6cc1cdc6a40ec6
SSDEEP: 1536:XquwCfTgp/2f9JyF4IRKgb9yoQtvUfvdi/:auwMTgp/2VJyF44b9Itc8/
Malware Config
Extracted
asyncrat
0.5.7B
Default
87.237.165.133:6161
AsyncMutex_6SI8OkPnk
delay: 3
install: false
install_folder: %AppData%
Signatures
Files
1832-70-0x0000000000330000-0x0000000000342000-memory.dmp.exe windows x86
f34d5f2d4577ed6d9ceec516c1f5a744
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
Imports
mscoree
_CorExeMain
Sections
.text Size: 44KB - Virtual size: 44KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rsrc Size: 2KB - Virtual size: 1KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 512B - Virtual size: 12B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ