General
-
Target
Gorilla_Task_Loader.exe
-
Size
69KB
-
MD5
b28505d5bc90167cbd18e8c0b9753db7
-
SHA1
e131b72b444acfed57abc58c687e76b092de9cf5
-
SHA256
3de9f93a5456ce1ddef9b6dc58de827a77dee5cd3f92b70fbf75e4ba13ce8607
-
SHA512
637c083fbce40087f9929093f8bc277684ac314fb2723e7529c42bcfdbad0b927870ea2e9086161beaa55e8f36b35c1b9b679c8528ac03127cf302f317fce0b9
-
SSDEEP
768:P5fDDqjTNP7813C8A+XOesoETwjv7S1+T4YSBGHmDbDNphEoXA4Stp1pPSuTn9ph:96NmHvS3YUbnhNAxtpeuj9pqKmY7
Score
10/10
Malware Config
Extracted
Family
asyncrat
Botnet
Default
C2
government-program.gl.at.ply.gg:30927
Mutex
7שZ弗n7Fcת8cI贼西yx4xFΒi2AJ
Attributes
-
delay
1
-
install
true
-
install_file
WindowsSecurityManager.exe
-
install_folder
%Temp%
aes.plain
Signatures
-
Async RAT payload 1 IoCs
-
Asyncrat family
-
Unsigned PE 1 IoCs
Checks for missing Authenticode signature.
Files
-
Gorilla_Task_Loader.exe
f34d5f2d4577ed6d9ceec516c1f5a744
Headers
Imports
Sections