General
Target: SHIPP.one
Size: 19KB
Sample: 230221-br3htsfa7y
MD5: 00aba9147c5f36187e8285ccc0cc2072
SHA1: 1d1fb99c586b02d50e7a1f323b2ebe9b54fb4f78
SHA256: 53f7db48dbf6d330f92c1e363869534a8be40be7b6cf764d31fc6f626ef4171d
SHA512: 7f484c51f46b183125c303683f16d512440c8950bdeadec9ccfbea813ceeda078046464d6c246aa4ed93eac91c1647a3402273570f0cffb61668af2aeb55bcba
SSDEEP: 384:0I+XqpCRZyI6b7TG8qDyqodECdm20kQ9pv:0I+X4CRZM7MSaC8/kQ9t
Static task: static1
Behavioral task: behavioral1
Sample: SHIPP.one
Resource: win7-20230220-en
Behavioral task: behavioral2
Sample: SHIPP.one
Resource: win10-20230220-en
Malware Config
Extracted
asyncrat
0.5.7B
Default
95.216.102.32:6606
95.216.102.32:7707
95.216.102.32:8808
AsyncMutex_6SI8OkPnk
delay: 3
install: false
install_folder: %AppData%
Targets
Score: 10/10
Process spawned unexpected child process
This typically indicates the parent process was compromised via an exploit or macro.
Suspicious use of NtCreateUserProcessOtherParentProcess
Async RAT payload
Blocklisted process makes network request
Executes dropped EXE
Adds Run key to start application