General

  • Target

    bPnv.exe

  • Size

    47KB

  • MD5

    464325a33140ca7e061aeb57b54ef5cf

  • SHA1

    defd8dc8a82b5f2890d768f96a0834b971430341

  • SHA256

    1fca615f269124082ebf98fbf9eaf6ade833689d96df39b4cc2dfdb80a0e5657

  • SHA512

    0fbcaef766ada1dde09bc9dc8b6f3c73b4a40ae0140ca567407b02a15963138bb5a9c429d1476da65cbe5c5694f7e33a7df668eabc9d7ec88d4fc83cf75eeaae

  • SSDEEP

    768:oq+s3pUtDILNCCa+DiNG1jhCpFGipfYbmgehVC/75LxcvEgK/JfZVc6KN:oq+AGtQOmexgb5QYDEnkJfZVclN

Score
10/10

Malware Config

Extracted

Family

asyncrat

Version

1.0.7

Botnet

Default

C2

septiembre2022.duckdns.org:2106

Mutex

DcRatMutex_qwqdanchun

Attributes
  • delay

    1

  • install

    false

  • install_folder

    %AppData%

aes.plain

Signatures

  • Async RAT payload (1 IoC)
  • Asyncrat family
  • Unsigned PE (1 IoC)

    Checks for missing Authenticode signature.

Files

  • bPnv.exe
    .exe windows x86

    f34d5f2d4577ed6d9ceec516c1f5a744

