Behavioral task
behavioral1
Sample
bKUy.exe
Resource
win7-20230220-en
General
-
Target
bKUy.exe
-
Size
63KB
-
MD5
9bd557d5267ebfb6baaf4a21a66ed2c6
-
SHA1
3c2c2b3bc380622464e99555df6da3a3830b7460
-
SHA256
486d9c1f259ee472964bf817ed2b8e218440f7b1145230ff8cbba6a3da3c8f55
-
SHA512
7f5f670e16bf389a46dfe67bbf9e6eea5232054a5014f087e14338c14fe9f4aa7e7cfde783638bea7cb51f648d98c67f1762856a7282bc4276a56435bc4fbde7
-
SSDEEP
1536:zhp5LrUwk4Xq0WdZeeiMl8GbbXwI1vNGRZVclN:zhp5LrUwk4XqdMeFmGbbXRUzY
Malware Config
Extracted
asyncrat
1.0.7
Default
dcleomessi.duckdns.org:4243
DcRatMutex_qwqdanchun
-
delay
1
-
install
false
-
install_folder
%AppData%
Signatures
Files
-
bKUy.exe.exe windows x86
f34d5f2d4577ed6d9ceec516c1f5a744
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
Imports
mscoree
_CorExeMain
Sections
.text Size: 58KB - Virtual size: 58KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rsrc Size: 3KB - Virtual size: 3KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 512B - Virtual size: 12B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ