Behavioral task behavioral1: Sample AsyncClient.exe, Resource win7-20230220-en
Behavioral task behavioral2: Sample AsyncClient.exe, Resource win10v2004-20230220-en
General
Target: AsyncClient.exe
Size: 45KB
MD5: 396113eb702441f9d4377425caa87188
SHA1: cdb100adec115eab8239f8d14da3ea3e64c1570c
SHA256: ec93adc0594e2c2fb8360d594d434bd5a217f2fb7d4184e086220fcae3886c9f
SHA512: daf3c73adbde89d21b4928a541712843d9423c355a74013ac222df3d08f763862f31e31a1e110d683d063f2ce7b208dd6c64d4665a4f088c001d68d0fcf1b34e
SSDEEP: 768:LudbM1T1fzFPWUDCytmo2qIWKjGKG6PIyzjbFgX3i89bccImEpJp8Mf2uFd0BDZV:LudbM1T1b12qKYDy3bCXS8JcBTpJiuF4
Malware Config
Extracted
asyncrat
0.5.7B
COM Surrogate
COM Surrogate
delay: 3
install: true
install_file: Microsoftfixer.exe
install_folder: %AppData%
Signatures
Files
AsyncClient.exe.exe windows x86 (f34d5f2d4577ed6d9ceec516c1f5a744)
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
Imports
mscoree
_CorExeMain
Sections
.text Size: 42KB - Virtual size: 41KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rsrc Size: 2KB - Virtual size: 1KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 512B - Virtual size: 12B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ