General

  • Target

    3640-167-0x000001519FD30000-0x000001519FD42000-memory.dmp

  • Size

    72KB

  • MD5

    4391e3cb9464f015722a26b1426423bd

  • SHA1

    297777ebc65447e670445d7231cc87eb294b4282

  • SHA256

    72a1fbab5749d564192be2f1d5ab8916861586b19a36a038ef3aebf26070d763

  • SHA512

    079b6d0956adf7fe80fdb513c75e5f1d2698b4e94aa8c30a2ecfdc8d3bf3c67925d530a2d2a000a37641a135ed885ce68b49900f9884eb12e6758b175c6d4dda

  • SSDEEP

    768:dOEuILWCKi+DiBtelDSN+iV08YbygeTnmeuPBivEgK/J9lZVc6KN:dOtmBtKDs4zb1Snmeu5inkJ3ZVclN

Malware Config

Extracted

Family

asyncrat

Version

1.0.7

Botnet

scrubloader

C2

scrubloader.ru:2192

Mutex

DcRatMutex_qwqdanchuncd

Attributes

  • delay

    1

  • install

    false

  • install_folder

    %AppData%

aes.plain

Signatures

  • Async RAT payload 1 IoCs
  • Asyncrat family
  • Unsigned PE 1 IoCs

    Checks for missing Authenticode signature.

Files

  • 3640-167-0x000001519FD30000-0x000001519FD42000-memory.dmp
    .exe windows:4 windows x86 arch:x86

    f34d5f2d4577ed6d9ceec516c1f5a744

    Headers

    Imports

    Sections