General

  • Target

    Svchost.exe

  • Size

    48KB

  • MD5

    2c01d39807db97c023bed5a537afc7d1

  • SHA1

    fb5cae1a4c68278631803413a34182141b85c4a2

  • SHA256

    3f5d4db207164b474b8db3b278f7d9646145181a8211e6c851f1a40aec05a9c4

  • SHA512

    367256dd718596de7b89b0a910a96194dd7514eb83eb8670dea83326af63564dc1e9952142903203e2df876531ea034921c0e82616f7836f0125b8e3026744f7

  • SSDEEP

    768:KuwhFTAY3IQWUe9jqmo2qLfRjDp0pCFUUgPIPJnPCZ01h0bqmHZIUmTT6FkHZBcG:KuwhFTA4/2c5DSC/FPJPCZJbqiy/H2kd

Score
10/10

Malware Config

Extracted

Family

asyncrat

Version

0.5.8

Botnet

Default

C2

report-dust.gl.at.ply.gg:28329

report-dust.gl.at.ply.gg:8188

Mutex

9VMpESMh922h

Attributes
  • delay

    3

  • install

    true

  • install_file

    Svchost.exe

  • install_folder

    %AppData%

aes.plain

Signatures

  • Async RAT payload 1 IoCs
  • Asyncrat family
  • Unsigned PE 1 IoCs

    Checks for missing Authenticode signature.

Files

  • Svchost.exe
    .exe windows:4 windows x86 arch:x86

    f34d5f2d4577ed6d9ceec516c1f5a744

