General
- Target: 7c891739080f841320db5c5fa00c1970
- Size: 56KB
- Sample: 230201-z5ewpacc93
- MD5: 7c891739080f841320db5c5fa00c1970
- SHA1: a643743edc2b433e1a4a9e351191c45b653bab7b
- SHA256: 9ba273e5655ddf51c2714c0e0f6963e1498d882bbf9cdb4d707ee53f6e62d375
- SHA512: 7640f7dcf44cd0b5ac28bd154ecbc2dbe0d1e35386f29db048cc41e726fc7c3b3a42d16accfd7aad95862be3d4a7443a8fadd088deb5a359d4e8309abc2523b9
- SSDEEP: 384:s/jtBgfZAGbN5npUXbYhsedHsZIuxyrzwNZd/8qlwlNh5SFFV:s8bJUX+sgMZIDrUNjdwlVSFFV
Static task: static1
Behavioral task: behavioral1
- Sample: 7c891739080f841320db5c5fa00c1970.exe
- Resource: win7-20221111-en
Malware Config
Extracted
- asyncrat
- 0.5.7B
- Default
- bendito2714.duckdns.org:7090
- AsyncMutex_6SI8OkPnk
- delay: 30
- install: false
- install_file: bendito.exe
- install_folder: %AppData%
Targets
- Target: 7c891739080f841320db5c5fa00c1970
- Size: 56KB
- Async RAT payload
- Deletes itself
- Drops startup file
- Suspicious use of SetThreadContext