General

  • Target

    Infected.exe

  • Size

    63KB

  • MD5

    0d5f683e10eb28000597e3c3d2594741

  • SHA1

    a2fe5ca6ce2d9c3ff7fb733ee6a707c0dda17667

  • SHA256

    bf7a53c5db252212663303fd5492a75244b43beabbcc5a59b131ee46f8bbeb40

  • SHA512

    4d6341e43f3001c5ae6d38e7645d58f09849e6caf58f9879f52f1ec220bc0f306fab3d63c1c3f91b182f31b48d7d5f449654a32d103bc197102ea464e2525e56

  • SSDEEP

    768:Qv0M2UM/978aQC8A+XjlazcBRL5JTk1+T4KSBGHmDbD/ph0oXn9Nd9QeSu0dpqKX:b1/k/dSJYUbdh9nn/Su0dpqKmY7

Score
10/10

Malware Config

Extracted

Family

asyncrat

Botnet

Default

C2

127.0.0.1:3232

127.0.0.1:13116

4.tcp.eu.ngrok.io:3232

4.tcp.eu.ngrok.io:13116

Mutex

弗吾9g吾吉ΔdgTXBG杰Η诶k7

Attributes
  • delay

    1

  • install

    false

  • install_folder

    %AppData%

aes.plain

Signatures

  • Async RAT payload (1 IoC)
  • Asyncrat family
  • Unsigned PE (1 IoC)

    Checks for missing Authenticode signature.

Files

  • Infected.exe
    .exe windows:4 windows x86 arch:x86

    f34d5f2d4577ed6d9ceec516c1f5a744

