Behavioral task
behavioral1
Sample
ae549e5f222645c4ec05d5aa5e2f0072f4e668da89f711912475ee707ecc871e.exe
Resource
win7-20230831-en
General
-
Target
222cf7fb823aedd40d2b57b2a8d5ea86.bin
-
Size
12KB
-
MD5
b69c3d0f7354c1c07dfcadefea8b8b6f
-
SHA1
d5d8680272d989881251acbe229ccf5d0848864b
-
SHA256
d653c476ebcbd5a7beafc32f6fc3919170fce66d4292e3aa8995416c58b00ea9
-
SHA512
73e420374a6531b78dded0eeb4ea57525749870a3ace9b895cd0d85a34c5286aa8b64f40c32c07ee56fab6b11846e32c7681c99c92905e484299bc3418d68b80
-
SSDEEP
384:7YiPyRwso2s2ark3MXFbB1x3jBgwfFZLRP5jF:kiqVs2YRbB1PTfFnPhF
Malware Config
Signatures
-
Async RAT payload 1 IoCs
resource yara_rule static1/unpack001/ae549e5f222645c4ec05d5aa5e2f0072f4e668da89f711912475ee707ecc871e.exe asyncrat -
Asyncrat family
-
Unsigned PE 1 IoCs
Checks for missing Authenticode signature.
resource unpack001/ae549e5f222645c4ec05d5aa5e2f0072f4e668da89f711912475ee707ecc871e.exe
Files
-
222cf7fb823aedd40d2b57b2a8d5ea86.bin.zip
Password: infected
-
ae549e5f222645c4ec05d5aa5e2f0072f4e668da89f711912475ee707ecc871e.exe.exe windows x86
Password: infected
f34d5f2d4577ed6d9ceec516c1f5a744
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
Imports
mscoree
_CorExeMain
Sections
.text Size: 23KB - Virtual size: 23KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rsrc Size: 1KB - Virtual size: 1KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 512B - Virtual size: 12B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ