General
Target: a3c85ae937fa498fc73db79b951072565bbd13871e121ea54cbcd6a5b5ca962a
Size: 86KB
Sample: 231124-hp5zhagc97
MD5: 895e159d009d2f5f77e0411ec55e5d1c
SHA1: 6531925d61dd4188685b642bf5be98ba50702b29
SHA256: a3c85ae937fa498fc73db79b951072565bbd13871e121ea54cbcd6a5b5ca962a
SHA512: 375a30894de4f3ab9cce4345a143064e9291956bde3fcef2e5f8024f5a7b2a9815a04f972ba2987f18d74d1abed48c1d073fe2b301d494c218fde761b5388c47
SSDEEP: 1536:FyJxJgYSiBgCnp5m3pEn2jCq/2K4FBLdqPeuyBZS/n4bHGbgyH8uK2t5QK2jr:FKgTiBD5mCQB/+RBZSNbgyHVK2t5QKQ
Static task: static1
Behavioral task: behavioral1
Sample: a3c85ae937fa498fc73db79b951072565bbd13871e121ea54cbcd6a5b5ca962a.exe
Resource: win10-20231023-en
Malware Config
Extracted
asyncrat
0.5.7B
Winlogon
46.1.103.69:2341
Winlogon
delay: 3
install: false
install_file: Winlogon
install_folder: %AppData%
Targets
Target: a3c85ae937fa498fc73db79b951072565bbd13871e121ea54cbcd6a5b5ca962a
Score: 10/10
Async RAT payload
Adds Run key to start application
Suspicious use of SetThreadContext