General
Target: SCRSHOT02.scr.exe
Size: 255KB
Sample: 230531-l79l7aeb52
MD5: cc54630cfed370da5d83b5c3d0ee9ec4
SHA1: d18ba6e2d8e877bc0bec89536087f49a4bf32921
SHA256: 1270491bd3068a4159eee0ad8c8d6871cf0ba80cac9fd749a7e9d1c02f6f3653
SHA512: 1b7a78bb5303e97cb74896d68d6094a050e8859a2b944840619ad3b589a4654d292363e3afce33a7fd2d1805ead532ba706951149a9742f5040f2252d17b695a
SSDEEP: 3072:FRsjupfBVcoFDzbtu/c762soY8zyCy0A:MKxBVjF3bc/cpsoYSHA
Static task: static1
Behavioral task: behavioral1
Sample: SCRSHOT02.scr.exe
Resource: win7-20230220-en
Malware Config
Extracted
asyncrat
0.5.7B
Default
iphy1.duckdns.org:8808
AsyncMutex_6SI8OkPnkg
delay: 3
install: false
install_folder: %AppData%
Targets
Target
SCRSHOT02.scr.exe
Async RAT payload
-
Uses the VBS compiler for execution
-
Suspicious use of SetThreadContext
-