General
Target: 4fae4e3df84f89f77df25ed6e9674940.exe
Size: 1.8MB
Sample: 230214-t92ncseb8s
MD5: 4fae4e3df84f89f77df25ed6e9674940
SHA1: 720372d130c4931506ed0df1ede36dada6803f72
SHA256: cf1de08c2a552617a6e8591a2bd25c72d597854e9564246a700329aa60b08be7
SHA512: 08161380459a529918a94acb6acf9d149ba1e4de0a78f90c4db32cabb54a24114d1902da57dbbe49750e61607af667c8ff851201caf42cde83f2391bca6d2c2a
SSDEEP: 49152:diszHX1u6cLxfOEPZldmn0TAI5FWQzt+1wBcv+lRA6ZtrPt9gsjGvlaQz:EszHXM6c1dmsAIiQzt+1wmv+lRAorPLq
Static task: static1
Behavioral task: behavioral1
Sample: 4fae4e3df84f89f77df25ed6e9674940.exe
Resource: win7-20220812-en
Behavioral task: behavioral2
Sample: 4fae4e3df84f89f77df25ed6e9674940.exe
Resource: win10v2004-20221111-en
Malware Config
Extracted
Protocol: ftp
Host: 43.155.145.155
Port: 21
Username: 123
Password: 123
Extracted
asyncrat
Gh0st RAT
Default
43.249.30.55:8848
DcRatMutex
delay: 1
install: false
install_folder: %AppData%
Targets
Target: 4fae4e3df84f89f77df25ed6e9674940.exe
Async RAT payload
Executes dropped EXE
Loads dropped DLL