General
- Target: 4jPil0QfToiS.exe
- Size: 2.5MB
- Sample: 230401-v59zlsch3w
- MD5: 6b1b891a90db1d560b9f56cf6acbdae3
- SHA1: 329c5393398b05223a2babde37ba7bc6c0fb77d9
- SHA256: 37d9ca4b7510f0e275b026df8690eec1ae0afffd0658a60e34461c18cab8d950
- SHA512: 9f12d0a62f00abdc2137160113c868ad42a896d835532ed7035558c0db9e6a346243566ba12a107f2d67cd906996f8d73ad01f404cabde497d1ac0b40449289f
- SSDEEP: 49152:Xtmcf5nmwTNPWh+jtm7d5QyjaYWeheW5hOgdw7v+c7+OwgUTiF+BI2l:dmo9mwpk+jE7YGaxQOgdij+bgUTN22l
Malware Config
Extracted
- asyncrat
- 1.0.7
- Default
- 127.0.0.1:1605
- skalleper.ddns.net:1605
- agihasoiuhaoihgoasuqgic
- delay: 1
- install: true
- install_file: Microsoft Health Service.exe
- install_folder: %AppData%
Targets
- Target: 4jPil0QfToiS.exe
- Size: 2.5MB
- MD5: 6b1b891a90db1d560b9f56cf6acbdae3
- SHA1: 329c5393398b05223a2babde37ba7bc6c0fb77d9
- SHA256: 37d9ca4b7510f0e275b026df8690eec1ae0afffd0658a60e34461c18cab8d950
- SHA512: 9f12d0a62f00abdc2137160113c868ad42a896d835532ed7035558c0db9e6a346243566ba12a107f2d67cd906996f8d73ad01f404cabde497d1ac0b40449289f
- SSDEEP: 49152:Xtmcf5nmwTNPWh+jtm7d5QyjaYWeheW5hOgdw7v+c7+OwgUTiF+BI2l:dmo9mwpk+jE7YGaxQOgdij+bgUTN22l
- Async RAT payload
- Identifies VirtualBox via ACPI registry values (likely anti-VM)
- Checks BIOS information in registry: BIOS information is often read in order to detect sandboxing environments.
- Executes dropped EXE
- Suspicious use of NtSetInformationThreadHideFromDebugger