General
-
Target
update.cmd
-
Size
48KB
-
Sample
240313-xv3tnadd4x
-
MD5
5e0da87496c6454d04148baabc21469d
-
SHA1
82be7e466e91f4fc62d33d5d560123782244c697
-
SHA256
d021be3175abbbcc6fdc2e8bc118f40f4969653d6f2a93231c013c9664670231
-
SHA512
9cc02ad6dc262a32de5e71e3b3c72e6a818e5360503db211c925e9a587c00fb990fbfa23d8adf8a6aa69f5a411dfab8c09a7354af3161d50cd7001ddd8a47df7
-
SSDEEP
1536:aNwDnqwG8bfHOs2o6A5KXhM3xpZU4Q6fof0YTf:cwrZbfHL5KXmy4QXf0YTf
Static task
static1
Behavioral task
behavioral1
Sample
update.cmd
Resource
win7-20240221-en
Malware Config
Extracted
asyncrat
0.5.8
M13
editorials.duckdns.org:5801
FMP1pUmaOyhu
-
delay
3
-
install
false
-
install_folder
%AppData%
Targets
-
-
Target
update.cmd
-
Async RAT payload
-
Blocklisted process makes network request
-