General

  • Target

    3148-172-0x0000000000400000-0x0000000000416000-memory.dmp

  • Size

    88KB

  • MD5

    26a0162378d4b0f77252007366e09daa

  • SHA1

    13e04efc9d498379afb0976362e59dc661bb03ca

  • SHA256

    64743f796733b414b1d99bebc0116e9d98540d16e529d7ad5f9eb6e6f273b075

  • SHA512

    1a390ee6b3d027f05b1aac75b5f3d606a12e52e8d9b6918687c80b36d65747d0dbb11353c4d363fea298533814f44e6a5598f8cd00023ea5430553bbd43eda0e

  • SSDEEP

    1536:J2wukvF1ak9gcKu5UYFX1UMxvUb0JUM0I1g/ln6PrQTGpx:J2dkvF1ak9Ku5UYFFRMb0l0ILGqx

Score
10/10

Malware Config

Extracted

Family

asyncrat

Version

| Edit 3LOSH RAT

Botnet

Default

C2

ghoss.freeddns.org:6606

ghoss.freeddns.org:7707

ghoss.freeddns.org:8808

Mutex

AsyncMutex_6SI68OkPnk

Attributes

  • delay

    3

  • install

    false

  • install_folder

    %AppData%

  • aes.plain

Signatures

  • Async RAT payload 1 IoCs
  • Asyncrat family
  • Unsigned PE 1 IoCs

    Checks for missing Authenticode signature.

Files

  • 3148-172-0x0000000000400000-0x0000000000416000-memory.dmp
    .exe windows x86