General

  • Target

    1696-6-0x0000000000400000-0x0000000000416000-memory.dmp

  • Size

    88KB

  • MD5

    1e3b1b001fc1d3fd2fffc82c88b11776

  • SHA1

    5a6412b8d7cc8e31b6d58238cb0b76b3d44b0b3e

  • SHA256

    2da14e37d7fe8e9cfdb1219fa2bd932033bd935fefe1ee7b2082425e8c47237d

  • SHA512

    4a03f107cf854342a9f61398e5e554ff9321275651bfb4c23b78e679daeb3f9b2efae8a451789a47fd9f719fa8e97da1ef3d163ec8702222544e79c0e9b931ed

  • SSDEEP

    1536:xJ1XXlloMdexiObpg4CaUF4DRGbb1wT+U2H0sG:xJ1XXlloMdeFby4HtGbb1M+UG

Score
10/10

Malware Config

Extracted

Family

asyncrat

Version

1.0.7

Botnet

Default

C2

xcrew1990.kozow.com:32400

Mutex

DcRatMutex_qwqdanchun

Attributes
  • delay

    1

  • install

    false

  • install_file

    kreps1.exe

  • install_folder

    %AppData%

aes.plain

Signatures

  • Async RAT payload (1 IoC)
  • Asyncrat family
  • Unsigned PE (1 IoC)

    Checks for missing Authenticode signature.

Files

  • 1696-6-0x0000000000400000-0x0000000000416000-memory.dmp
    .exe windows:4 windows x86

