General
-
Target
RestourantDemo_1.exe
-
Size
11.3MB
-
Sample
230422-2kljvaah2y
-
MD5
afe40b3bbb53fb78d95df5b831701f22
-
SHA1
9e24c1a459af784f008f3c2f7ceb9f511e6d93d0
-
SHA256
1985c69210ddc21c342e9ab70e406f2f9cfef0ed3a54ba88b8f1a60a648757ec
-
SHA512
e7619690e0e4729841e9f92c190a79d79809d4f04049cbef4e3eb381b5ea7fc29c1d50435977c5d87e95e3393cc60cfd998ce6d42037b8488f773ed86aee6a3b
-
SSDEEP
196608:/J6nA8RqX+xcyPBB3BLmp5WC8RnCXeJMxHXLe3D:luicbmBvWMRXLU
Behavioral task
behavioral1
Sample
RestourantDemo_1.exe
Resource
win7-20230220-en
Malware Config
Extracted
asyncrat
1.0.7
Default
45.80.158.113:8848
45.80.158.113:8080
DcRatMutex_qwqdanchun
-
delay
1
-
install
false
-
install_folder
%AppData%
Targets
-
-
Target
RestourantDemo_1.exe
-
Size
11.3MB
-
MD5
afe40b3bbb53fb78d95df5b831701f22
-
SHA1
9e24c1a459af784f008f3c2f7ceb9f511e6d93d0
-
SHA256
1985c69210ddc21c342e9ab70e406f2f9cfef0ed3a54ba88b8f1a60a648757ec
-
SHA512
e7619690e0e4729841e9f92c190a79d79809d4f04049cbef4e3eb381b5ea7fc29c1d50435977c5d87e95e3393cc60cfd998ce6d42037b8488f773ed86aee6a3b
-
SSDEEP
196608:/J6nA8RqX+xcyPBB3BLmp5WC8RnCXeJMxHXLe3D:luicbmBvWMRXLU
-
Async RAT payload
-
.NET Reactor proctector
Detects an executable protected by an unregistered version of Eziriz's .NET Reactor.
-
Obfuscated with Agile.Net obfuscator
Detects use of the Agile.Net commercial obfuscator, which is capable of entity renaming and control flow obfuscation.
-
Uses the VBS compiler for execution
-
Suspicious use of SetThreadContext
-