General
-
Target
4204-31-0x0000000000400000-0x0000000000412000-memory.dmp
-
Size
72KB
-
MD5
489cc531c9c1d4c0c594b509b6bff87e
-
SHA1
0e528127ceb0403b9152e0e9a257d36feb267086
-
SHA256
5fee6e2d921cd1ea01fe9b457f1058ee07957d02585ba0fd115afc73e9b6687a
-
SHA512
b708c5a5c888930b2bff60f4614cefcc32602f9eeb451ea7a3b7a4650f641fa3c451d38b4664d8c898968e21bae530c19213a045b0a77c2458c129dfa415f834
-
SSDEEP
1536:Pug4NTRQDF25QnN3byXSbwpVcCYutmKwd3x:PugUTRQDF2unN3byzV7YutQVx
Score
10/10
Malware Config
Extracted
Family
asyncrat
Version
0.5.7B
Botnet
Default
C2
cyesterbill.chickenkiller.com:7707
cyesterbill.chickenkiller.com:8808
aoputer.crabdance.com:7707
aoputer.crabdance.com:8808
Mutex
AsyncMutex_6SI8OfPnb
Attributes
-
delay
3
-
install
true
-
install_file
flow.exe
-
install_folder
%AppData%
aes.plain
Signatures
-
Asyncrat family
-
Unsigned PE 1 IoCs
Checks for missing Authenticode signature.
Files
-
4204-31-0x0000000000400000-0x0000000000412000-memory.dmp
Headers
Sections