General
Target: any.exe
Size: 4.0MB
Sample: 230206-wl6nhsad8s
MD5: 1a41528e75e53780eb8371376f59b165
SHA1: fa87fafead7128fc4a52bc371f08800d68941544
SHA256: 9ed6b16646571c6278ffaf7e9f19a919bf7ec72c5e0a6616c2d559d8486e672c
SHA512: 323eb3ba49f255e0157aacc22eeedd806166732002b786e85f3c86e82e9063f3e3a1bdc6cad4c2f856ef69de79ce667fde0283f4ff6ba93488b1737b1f19f3df
SSDEEP: 98304:iDFWG1bqjvcLIsoh5GbmkNC3dv2tthJ2/Ev6l3:i7svcsImkN4chYECl
Static task: static1
Behavioral task: behavioral1
Sample: any.exe
Resource: win7-20221111-en
Malware Config
Extracted
asyncrat
1.0.7
Default
?><MKdfdsgdgregrtgrthh<LKOIJUY&^T%RFDEXcfgvhbnjuimowefinuybt
delay: 1
install: false
install_folder: %AppData%
pastebin_config: https://pastebin.com/raw/VM7TRmVa
Targets
- Async RAT payload
- Drops startup file
- Legitimate hosting services abused for malware hosting/C2
- Suspicious use of SetThreadContext