General

  • Target

    0x000a0000000122e8-66.dat

  • Size

    45KB

  • MD5

    485e3c00fbc44e772dbfd9bb748e20f8

  • SHA1

    813fd3700e35541a755574680f119a7eda2819be

  • SHA256

    963c16437249ebdb1b9b0e873ea9098278568795a1f0e6da7ed98d202002e9f7

  • SHA512

    47f263a85550f06cec5c80daefcf9acfe6f4aaf3020a360e88801c4ad37cf1b7ccf4fded63f471a3d0c80c66755d041aa3376a3f1128192d7929b1421757dd69

  • SSDEEP

    768:6u6fdTvER+SWUkzP4mo2qbXHO9+oHPIC1zjb3gX3inydmEo2OHxt3BDZdG:6u6fdTv2V2BNgC13bQXSyoD2ORjddG

Score
10/10

Malware Config

Extracted

Family

asyncrat

Version

0.5.7B

Botnet

ninjagram

C2

protectgoogle.ddns.net:6606

protectgoogle.ddns.net:7707

protectgoogle.ddns.net:8808

Mutex

AsyncMutex_6SI8OkPnk

Attributes
  • delay

    3

  • install

    true

  • install_file

    winstart.exe

  • install_folder

    %AppData%

aes.plain

Signatures

  • Async RAT payload (1 IoC)
  • Asyncrat family
  • Unsigned PE (1 IoC)

    Checks for missing Authenticode signature.

Files

  • 0x000a0000000122e8-66.dat
    .exe windows x86

    f34d5f2d4577ed6d9ceec516c1f5a744

