Behavioral task
behavioral1
Sample
Svchost.exe
Resource
win7-20240220-en
General
-
Target
Svchost.exe
-
Size
48KB
-
MD5
2c01d39807db97c023bed5a537afc7d1
-
SHA1
fb5cae1a4c68278631803413a34182141b85c4a2
-
SHA256
3f5d4db207164b474b8db3b278f7d9646145181a8211e6c851f1a40aec05a9c4
-
SHA512
367256dd718596de7b89b0a910a96194dd7514eb83eb8670dea83326af63564dc1e9952142903203e2df876531ea034921c0e82616f7836f0125b8e3026744f7
-
SSDEEP
768:KuwhFTAY3IQWUe9jqmo2qLfRjDp0pCFUUgPIPJnPCZ01h0bqmHZIUmTT6FkHZBcG:KuwhFTA4/2c5DSC/FPJPCZJbqiy/H2kd
Malware Config
Extracted
asyncrat
0.5.8
Default
report-dust.gl.at.ply.gg:28329
report-dust.gl.at.ply.gg:8188
9VMpESMh922h
-
delay
3
-
install
true
-
install_file
Svchost.exe
-
install_folder
%AppData%
Signatures
Files
-
Svchost.exe.exe windows:4 windows x86 arch:x86
f34d5f2d4577ed6d9ceec516c1f5a744
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
Imports
mscoree
_CorExeMain
Sections
.text Size: 44KB - Virtual size: 44KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rsrc Size: 2KB - Virtual size: 2KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 512B - Virtual size: 12B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ