General
-
Target
3052-1401-0x0000000000400000-0x0000000000424000-memory.dmp
-
Size
144KB
-
MD5
b7165dc0e171f00d91e09d3ae274de01
-
SHA1
a8a7241bb012291d2823bed37c3efadf6738ed35
-
SHA256
458ad8703dfddc201133f811b83606d6e1ee029c629a30029b1b265a7d333195
-
SHA512
8772ee0b9411fa94b0e3aaf54e1b84477d4e106b6664bcbc5382c2ea8fc7f1a7726950d1f7816407f69c4dbf3227b24008bd20e62b4790a4a9d36dc40715be5c
-
SSDEEP
3072:IMQeQ7XyXTerBGCoZIeqsH/ebouOb3OrKHDk:9iXyXTGGCoyeqsH/ebdOEE
Score
10/10
Malware Config
Extracted
Family
asyncrat
Version
0.5.2
C2
172.245.23.178:7777
Mutex
248-d2dfde77acb0
Attributes
-
delay
0
-
install
true
-
install_file
note.exe
-
install_folder
%AppData%
aes.plain
Signatures
-
Async RAT payload 1 IoCs
-
Asyncrat family
-
Contains code to disable Windows Defender 1 IoCs
A .NET executable tasked with disabling Windows Defender capabilities such as realtime monitoring, blocking at first seen, etc.
-
Unsigned PE 1 IoCs
Checks for missing Authenticode signature.
Files
-
3052-1401-0x0000000000400000-0x0000000000424000-memory.dmp
Headers
Sections