General
- Target: view.zip
- Size: 807KB
- Sample: 230221-b35gkafb2x
- MD5: 1e0b4608d4236b2481cd1a75a11a29ce
- SHA1: 93c0e177b01f218b7c22067217f7e4df6f038428
- SHA256: 66fbd626eac4b285f093e5fbff484daa95d270e981eda051836b5ee47ea7a01b
- SHA512: be12954609f96bd7bde7d5b2dea66e165c3137098cec7436457467b15b96a55842ba222adb50865b2888811a490a9e98dc638c892219f2f5d07b36e0eb0bfd1e
- SSDEEP: 6144:E2bLf4cN90DJ6uc5WOxe87vLlMMSwPRobACYPaTwPE54odL:ErA90DJ+E/8TmtwPRo6MHL
Static task
- static1

Behavioral task
- behavioral1
- Sample: view.exe
- Resource: win10-20230220-en

Behavioral task
- behavioral2
- Sample: view.exe
- Resource: win7-20230220-en
Malware Config
Extracted: asyncrat
- 0.5.7B
- Default
- 95.216.102.32:6606
- 95.216.102.32:7707
- 95.216.102.32:8808
- AsyncMutex_6SI8OkPnk
- delay: 3
- install: false
- install_folder: %AppData%
Targets
- Target: view.exe
- Size: 500.0MB
- MD5: 17beeecdd8a676132dfa178a1cb90161
- SHA1: 9fb39d298a16798c144813d440bcdbb28b2f2464
- SHA256: c3bbcf49833323978f3df6a3ae4d27cd278930ca78c5b178d6c7558c0b6210a2
- SHA512: 5eb5b34082ee113e0717109c1e1936af2ca338d62afff96645c79927716bae44bd48e5e1c4a788499fbe05daecaa9fda250992dcf8db2715993cd8aab0964e6d
- SSDEEP: 6144:UahORp0yN90QESEsORO87HLlkMSwxRopaCYPaT8PE54X:UiVy90sND8DytwxRoqKy
- Score: 10/10
- Suspicious use of NtCreateUserProcessOtherParentProcess
- Async RAT payload
- Blocklisted process makes network request
- Drops startup file
- Executes dropped EXE
- Loads dropped DLL
- Adds Run key to start application