Behavioral task
behavioral1
Sample
9bbd2c016eefb9e2edab3e8202e8a848bebac36f1565b596c54a0c3278a182dc.exe
Resource
win7-20230220-en
General
-
Target
3693114744003b6641e3c767518e47da.bin
-
Size
23KB
-
MD5
b634d0eb7dbc7e8bdc7a32f39633e146
-
SHA1
3643b5fda2a932bb5a2a42e41341648d63b8e3b7
-
SHA256
55a6dff872fcf085ac8d89d4b09424431dc57872c307f47707c33955ee2997de
-
SHA512
306b6a918b94d4566c9c2422d220c14bc37b60e7e578a0978f680fe9880a8df32fe9cc531afe62f813acafc170fb16f69532a049addf7610a79b036e45e62f88
-
SSDEEP
384:ie0/xqB7yFoDF02S/Y15R2M6EIjb7++bTEEFikmdtl6rcSmE6H85va:i1/xWVR//cM6EK7+yPFRWtok85va
Malware Config
Extracted
asyncrat
0.5.6D
Default
seznam.zapto.org:6606
seznam.zapto.org:7707
seznam.zapto.org:8808
milla11.publicvm.com:6606
milla11.publicvm.com:7707
milla11.publicvm.com:8808
trffisyuiifgqcpeof
-
delay
5
-
install
true
-
install_file
explorere.exe
-
install_folder
%AppData%
Signatures
Files
-
3693114744003b6641e3c767518e47da.bin.zip
Password: infected
-
9bbd2c016eefb9e2edab3e8202e8a848bebac36f1565b596c54a0c3278a182dc.exe.exe windows x86
Password: infected
f34d5f2d4577ed6d9ceec516c1f5a744
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
Imports
mscoree
_CorExeMain
Sections
.text Size: 42KB - Virtual size: 41KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rsrc Size: 4KB - Virtual size: 3KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 512B - Virtual size: 12B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ