General
  Target:  cf7251cce700eca1370e65fb29f0e5e960a44ac77347ffcaa7daab45f693a8be
  Size:    5KB
  Sample:  231124-hp5nqsgc96
  MD5:     3ed2b4079de8367146d73a4eabbb527b
  SHA1:    59ae6a2c2c6fa1aa8c7bffc04e6123c5b301c038
  SHA256:  cf7251cce700eca1370e65fb29f0e5e960a44ac77347ffcaa7daab45f693a8be
  SHA512:  f7a6e86c1a33e212c932a0a7f3f2674018ed8a48ccd24380ee2a199a0c9133971577d6c7cc93e1ea8294bc68657bbcb8342b8f103dc201a3d37602a8882d5a8d
  SSDEEP:  96:s2cG794DCFyRr/nVIUqSGttZNtUq7GDpxSd3ojJirl:bcg94WFm/eUqS4LNtUq7QSdB

Tasks
  Static task:      static1
  Behavioral task:  behavioral1
    Sample:    cf7251cce700eca1370e65fb29f0e5e960a44ac77347ffcaa7daab45f693a8be.exe
    Resource:  win10-20231025-en

Malware Config (extracted)
  Family:          asyncrat
  Version:         0.5.7B
  Botnet/Mutex:    Winlogon
  C2:              46.1.103.69:2341
  delay:           3
  install:         false
  install_file:    Winlogon
  install_folder:  %AppData%

Targets
  Target:  cf7251cce700eca1370e65fb29f0e5e960a44ac77347ffcaa7daab45f693a8be
  Size:    5KB
  MD5:     3ed2b4079de8367146d73a4eabbb527b
  SHA1:    59ae6a2c2c6fa1aa8c7bffc04e6123c5b301c038
  SHA256:  cf7251cce700eca1370e65fb29f0e5e960a44ac77347ffcaa7daab45f693a8be
  SHA512:  f7a6e86c1a33e212c932a0a7f3f2674018ed8a48ccd24380ee2a199a0c9133971577d6c7cc93e1ea8294bc68657bbcb8342b8f103dc201a3d37602a8882d5a8d
  SSDEEP:  96:s2cG794DCFyRr/nVIUqSGttZNtUq7GDpxSd3ojJirl:bcg94WFm/eUqS4LNtUq7QSdB
  Score:   10/10

Signatures
  - Async RAT payload
  - Blocklisted process makes network request
  - Downloads MZ/PE file
  - Executes dropped EXE
  - Adds Run key to start application
  - Suspicious use of SetThreadContext