General
-
Target
964-606-0x00000000005D0000-0x00000000005E6000-memory.dmp
-
Size
88KB
-
MD5
b1b251fdce12e2be9f95e6d8fd6e06d5
-
SHA1
62ee2d94a8ee47ee99890d47f031040c8d557297
-
SHA256
48e62882cd58d94fd5deded7878906b431d7e8c9ac249a76d7606c63de3de313
-
SHA512
a2aa7c7b1ec7f9d0a92fd4c256bbb961266a609c425d61caa85dd2fa83ca6c511de7dd58c4acf112fbf5d636773a5cdfb312430fa6416b2d40a7f6e6a040b418
-
SSDEEP
1536:/C2FoaIkEZMqC3qkrfF6JoocXmoE83U6aEw5o3D6Lmbbi8SzSN5A/w8rgTRdx:K2FoaIkJE83U6aEGoTTbbpoxeDx
Score
10/10
Malware Config
Extracted
Family
asyncrat
Version
JAMESRAT ���� JAMES RAT
Botnet
Default
C2
474ba67bdb289c6263b36dfd8.xyz:8788
Mutex
AsyncMutex_6SI8OkPnk
Attributes
-
delay
3
-
install
false
-
install_file
dd.exe
-
install_folder
%AppData%
aes.plain
Signatures
-
Async RAT payload 1 IoCs
-
Asyncrat family
-
Unsigned PE 1 IoCs
Checks for missing Authenticode signature.
Files
-
964-606-0x00000000005D0000-0x00000000005E6000-memory.dmp
Headers
Sections