General

  • Target

    2032-11-0x0000000000400000-0x0000000000416000-memory.dmp

  • Size

    88KB

  • MD5

    ee4080a11afe22f7b2614cb4b5a9e345

  • SHA1

    a959c99ac246996b4bc002fd0925a3c95c4ecbb4

  • SHA256

    5abfcce47f72506584b1a2388d62634a0fb45d632d276ce543fb380128b59168

  • SHA512

    0c9cd8ddb81ad050e19c54155721c2c38568e47c564dadb50d67abe101de69cd5fd3cbfb4e4c1a886b483cc6327e823cc80f04d19afb1143239cbfb10677361b

  • SSDEEP

    1536:/qCTtoHDUkQaIKuGUYFVoB+ehbXuJXZHQl8VrXlTGhx:/qAoHDUkuKuGUYFVolhbXMpwl8VlSx

Malware Config

Extracted

Family

asyncrat

Version

| nelsontriana980

Botnet

Prueba-cookies

C2

subdominiodesub.duckdns.org:6606

Mutex

AsyncMutex_GNhcP0aLwKV1

Attributes
  • delay

    3

  • install

    false

  • install_file

    WD.exe

  • install_folder

    %AppData%

aes.plain

Signatures

  • Asyncrat family
  • Unsigned PE (1 IoC)

    Checks for missing Authenticode signature.

Files

  • 2032-11-0x0000000000400000-0x0000000000416000-memory.dmp
    .exe windows:4 windows x86 arch:x86

