General
Target: 66d68d28dc38342d3671e29ebb9a7a1f
Size: 257KB
Sample: 240119-gdccdaged5
MD5: 66d68d28dc38342d3671e29ebb9a7a1f
SHA1: e53a741a278efae6a99b429b46389dee1fbdbb1a
SHA256: ac4865ab123b5ab1b9296a2522bd5a65c21e78a292af176e8e1d13f2198ba2a6
SHA512: 8cac4368de3fc9e35b5ea15dc5f1d3e02c45682bab536a10a456c5bb53ac181838707b95e08856d30a219e4780df1463944e85a85b4085aa2f967b32b7792121
SSDEEP: 6144:OeY9aZtkiIWigQ7i62kEGcJWR6JzyhvU2u3:+nXz7i62kEGcJWR6M1K
Static task: static1
Behavioral task: behavioral1
  Sample: 66d68d28dc38342d3671e29ebb9a7a1f.exe
  Resource: win7-20231215-en
Behavioral task: behavioral2
  Sample: 66d68d28dc38342d3671e29ebb9a7a1f.exe
  Resource: win10v2004-20231215-en
Malware Config
Extracted
asyncrat
0.5.7B
Default
31.210.20.231:200
STANDART
- delay: 3
- install: false
- install_file: RuntimeBroker.exe
- install_folder: %AppData%
Targets
Target: 66d68d28dc38342d3671e29ebb9a7a1f
Size: 257KB
MD5: 66d68d28dc38342d3671e29ebb9a7a1f
SHA1: e53a741a278efae6a99b429b46389dee1fbdbb1a
SHA256: ac4865ab123b5ab1b9296a2522bd5a65c21e78a292af176e8e1d13f2198ba2a6
SHA512: 8cac4368de3fc9e35b5ea15dc5f1d3e02c45682bab536a10a456c5bb53ac181838707b95e08856d30a219e4780df1463944e85a85b4085aa2f967b32b7792121
SSDEEP: 6144:OeY9aZtkiIWigQ7i62kEGcJWR6JzyhvU2u3:+nXz7i62kEGcJWR6M1K
Score: 10/10
- Async RAT payload
- Adds Run key to start application
- Suspicious use of SetThreadContext