Overview

overview

10

Static

static

10

Siski.exe

windows10-2004-x64

10

Siski.exe

windows11-21h2-x64

10

Resubmissions

12-02-2024 15:39

240212-s3q3lsbb34 10

12-02-2024 15:38

240212-s24mbahd9z 10

07-09-2023 13:31

230907-qswh8sab22 10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    Siski malware.zip

  • Size

    23KB

  • MD5

    acb1f5986b16ee9527e3df11f1fdc13e

  • SHA1

    91a29981e09b8f45a33180884f9ecfea314a8fb0

  • SHA256

    632e0acde5ce4396687aa3dc3790eba74ee68d1888d187c67e958dc64e07e119

  • SHA512

    c413bfb37b8feb740ed53bcc23dce9645b491c50e6e86579847b23e21d75aaf88e86752f13b9c13e4f37a16bf50a827ab25e79277ee01ccc3a832501785d260b

  • SSDEEP

    384:yAlojh3/96drjnr15kh1EzNeRJdfBuZ4mdVwZ7KB9YF9JkpirViz6xuRN/AyRAQ8:yAlo93lMroh1J04mDm7KvYF9upirVMjS

Score
10/10
ratdefaultasyncrat

Malware Config

Extracted

Family

asyncrat

Version

1.0.7

Botnet

Default

C2

127.0.0.1:8848

109.120.188.95:8848
Mutex

DcRatMutex_qwqdanchun

Attributes
  • delay

    1

  • install

    false

  • install_folder

    %AppData%

aes.plain

Signatures

  • Async RAT payload 1 IoCs
    rat
  • Asyncrat family
    asyncrat
  • Unsigned PE 1 IoCs

    Checks for missing Authenticode signature.

Files

  • Siski malware.zip
    .zip

    Password: infected

  • Siski.exe
    .exe windows:4 windows x86 arch:x86

    Password: infected

    f34d5f2d4577ed6d9ceec516c1f5a744


    Headers

    Imports

    Sections