General
-
Target
wre1qfw4onYJo7UlPkTY1ole0wOo8OKXbt9.bin
-
Size
45KB
-
MD5
bb82c303884b453d4fed9aed1fd1e898
-
SHA1
e481a47b940b006ff8d5134c56ce49434239e9f7
-
SHA256
ab14fea139d44455bf9f09fe5846da061fccfaf1fc20bbbb9767fd8311cf97ac
-
SHA512
225f1190ea3e7abc13462e48e6ed6f2d45b4a53b7d92510182f53afad4662a651e61f5da5452cf62f4b7fa4619cef5d55ae22f6ff14749f448a935c14e9f39ca
-
SSDEEP
768:vuvY5TdxS7SWUkHm7mo2qLMBCWfJhYgmOPI3zjbqgX3izQWdpjiUvPXBDZXx:vuvY5TdUg2/JzdU33b9XSJzp5dXx
Malware Config
Extracted
asyncrat
0.5.7B
Default
AsyncMutex_6SI8OkPnk
-
delay
3
-
install
false
-
install_folder
%AppData%
Signatures
Files
-
wre1qfw4onYJo7UlPkTY1ole0wOo8OKXbt9.bin.exe windows x86
f34d5f2d4577ed6d9ceec516c1f5a744
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
Imports
mscoree
_CorExeMain
Sections
.text Size: 42KB - Virtual size: 41KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rsrc Size: 2KB - Virtual size: 1KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 512B - Virtual size: 12B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ