General

  • Target

    2028-58-0x0000000000400000-0x0000000000412000-memory.dmp

  • Size

    72KB

  • MD5

    700c314feace5e2a2ef6354677e920ce

  • SHA1

    742b2699c5f2e42c9ccde4c8053d6353e5acb1c1

  • SHA256

    3b9280dce7e162781f1fc572c8457f06f73dee54e4d8b5ab9f858ba0bae06d47

  • SHA512

    2c0475b3e008f639ff2f733267fb5d9ccc4c1b0747e1250d3958ea2ba7b17bb42a8134da20c6424931503f0eaaebbcd8c0f6255d47777ebd0c6564e611f8bb4e

  • SSDEEP

    768:LuScy5TAYGTqWU8j+zmo2qLzKjGKG6PIyzjbFgX3iD1tloFaQcKlqdcBDZ:LuScy5TA5c2eKYDy3bCXSBt2oI4Ad

Score
10/10

Malware Config

Extracted

Family

asyncrat

Version

0.5.7B

Botnet

Default

C2

windows10-11.ddns.net:1111

windows10-11.ddnsfree.com:1111

Mutex

AsyncMutex_6SI8OkPnk

Attributes
  • delay

    3

  • install

    false

  • install_folder

    %AppData%

aes.plain

Signatures

  • Async RAT payload (1 IoC)
  • Asyncrat family
  • Unsigned PE (1 IoC)

    Checks for missing Authenticode signature.

Files

  • 2028-58-0x0000000000400000-0x0000000000412000-memory.dmp
    .exe windows x86

