Behavioral task: behavioral1
Sample: 9a8f8b44910d4c35a64244354966ce7bdd3bdff9189feee1d8e98b094c855138.exe
Resource: win7-20230220-en
General
Target: 9a8f8b44910d4c35a64244354966ce7bdd3bdff9189feee1d8e98b094c855138.zip
Size: 84KB
MD5: f221acda7324a23687d6717658bf880d
SHA1: c3fe176912af3c672bd231957500a92f6d766c27
SHA256: d63fedd504eedde32ee1ce7f1d5503b3720e1263b719440436508aa6c4f3b1fa
SHA512: 5ed7517752b4f02ad80e1c4e6be17cde9377d5eb986b6140b44b114bc789e6b098165c51c5a17e1786eb02fd4b387e16d841c6fc680ce86824c8f19d62df5598
SSDEEP: 1536:1DYgmqfbKFSRe9SmXX1mrQWZS+oicFSZPJeFtZ3AxkwiFZUfzJqubcSL:17uFSRecmXXcrQWZS+o1wZPJG3siu4IL
Malware Config
Extracted
asyncrat
0.5.7B
Default
127.0.0.1:6606
127.0.0.1:7707
127.0.0.1:8808
127.0.0.1:1177
jntrojan.ddns.net:6606
jntrojan.ddns.net:7707
jntrojan.ddns.net:8808
jntrojan.ddns.net:1177
AsyncMutex_6SI8OkPnk
delay: 3
install: true
install_file: windows.exe
install_folder: %Temp%
Signatures
Files
-
9a8f8b44910d4c35a64244354966ce7bdd3bdff9189feee1d8e98b094c855138.zip.zip
Password: infected
-
9a8f8b44910d4c35a64244354966ce7bdd3bdff9189feee1d8e98b094c855138.exe.exe windows x86
Password: infected
f34d5f2d4577ed6d9ceec516c1f5a744
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
Imports
mscoree
_CorExeMain
Sections
.text Size: 42KB - Virtual size: 41KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rsrc Size: 266KB - Virtual size: 266KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 512B - Virtual size: 12B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ