General

  • Target

    1556-100-0x0000000000400000-0x0000000000412000-memory.dmp

  • Size

    72KB

  • MD5

    0957764840574a4ad1c4ad07898e5ca7

  • SHA1

    95c586be7d150fd04885c0c69ecb95fe4508a9f0

  • SHA256

    5b4b64fdfdb9d9b8ae37dbd291deb4d7669983ac9e5cba0abe9df4702f08e0b8

  • SHA512

    e1143052c774266f6c8aaba870f966d95b0d4408de2e801b63e8e2cb52907872d7fb91f08bdebd602f860939223cedb0e50215a2ecf48d32be4fb816cbb469dd

  • SSDEEP

    768:/u1aK1T3EiJfWUzuydmo2qzBb1T/DLaOPIPzjbTgo3iXFv7uv615dBDZnx:/u1aK1T3xN2SA3P3bMoSVDZzdnx

Score
10/10

Malware Config

Extracted

Family

asyncrat

Version

0.5.7B

Botnet

Knock

C2

www.dnuocc.com:1452

www.dnuocc.com:1432

dnuocc.com:1452

dnuocc.com:1432

Mutex

AsyncMutex_6SI8OkPnk

Attributes
  • delay

    25

  • install

    true

  • install_file

    crssr.exe

  • install_folder

    %AppData%

aes.plain

Signatures

  • Async RAT payload (1 IoC)
  • Asyncrat family

Files

  • 1556-100-0x0000000000400000-0x0000000000412000-memory.dmp
    .exe windows x86

