Behavioral task: behavioral1
Sample: bPnv.exe
Resource: win7-20230712-en
General
Target: bPnv.exe
Size: 47KB
MD5: 464325a33140ca7e061aeb57b54ef5cf
SHA1: defd8dc8a82b5f2890d768f96a0834b971430341
SHA256: 1fca615f269124082ebf98fbf9eaf6ade833689d96df39b4cc2dfdb80a0e5657
SHA512: 0fbcaef766ada1dde09bc9dc8b6f3c73b4a40ae0140ca567407b02a15963138bb5a9c429d1476da65cbe5c5694f7e33a7df668eabc9d7ec88d4fc83cf75eeaae
SSDEEP: 768:oq+s3pUtDILNCCa+DiNG1jhCpFGipfYbmgehVC/75LxcvEgK/JfZVc6KN:oq+AGtQOmexgb5QYDEnkJfZVclN
Malware Config
Extracted
asyncrat
1.0.7
Default
septiembre2022.duckdns.org:2106
DcRatMutex_qwqdanchun
delay: 1
install: false
install_folder: %AppData%
Signatures
Files
bPnv.exe.exe windows x86
f34d5f2d4577ed6d9ceec516c1f5a744
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
Imports
mscoree
_CorExeMain
Sections
.text Size: 43KB - Virtual size: 42KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rsrc Size: 3KB - Virtual size: 3KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 512B - Virtual size: 12B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ