Behavioral task
behavioral1
Sample
9a8f8b44910d4c35a64244354966ce7bdd3bdff9189feee1d8e98b094c855138.exe
Resource
win7-20230220-en
General
Target: 9a8f8b44910d4c35a64244354966ce7bdd3bdff9189feee1d8e98b094c855138.zip
Size: 84KB
MD5: 0362d1111cb7d45af5f75d47caa8d6cb
SHA1: 78b5a4b964be344aff0b9c026afd4934826e1c8b
SHA256: 715c1fbf243cdd37c2e7f5cabe0093c366589ed477c4bb76348936fe26316579
SHA512: 2e01853c22f636f88d615afe9a861a0f7b405841995e2dda2db00facf5fe76dff3c4538964041b98ca6f40174400c1a3c26d2e43952c8632b798bb93d81292fd
SSDEEP: 1536:FEToUc4d9UKSXRKOdTPXvHupFEa4dU4pr9aNjKrGdAP953gLRmdRN8:e8Uc4nUKSXRR/uLWUUr9AGrbPz3gLO8
Malware Config
Extracted
asyncrat
0.5.7B
Default
AsyncMutex_6SI8OkPnk
delay: 3
install: true
install_file: windows.exe
install_folder: %Temp%
Signatures
Files
-
9a8f8b44910d4c35a64244354966ce7bdd3bdff9189feee1d8e98b094c855138.zip.zip
Password: infected
-
9a8f8b44910d4c35a64244354966ce7bdd3bdff9189feee1d8e98b094c855138.exe.exe windows x86
Password: infected
f34d5f2d4577ed6d9ceec516c1f5a744
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
Imports
mscoree
_CorExeMain
Sections
.text Size: 42KB - Virtual size: 41KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rsrc Size: 266KB - Virtual size: 266KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 512B - Virtual size: 12B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ