General

  • Target

    a95d9d340559a951d34529811a20ff4fe58f26a01cc6aa63b3ab20976fb954b6.exe

  • Size

    65KB

  • MD5

    3bd0a60c267c2d301108a3e2ab0e5740

  • SHA1

    db8419bf8bb9ab03bb790410986bf2e570681352

  • SHA256

    a95d9d340559a951d34529811a20ff4fe58f26a01cc6aa63b3ab20976fb954b6

  • SHA512

    479c0990fcec5181dfe828207adb9a36730064b6c5bc1bda6aeb1f8fd3b97f4fef6dd0935fe9531695e18c75c8f41b0620e679e4c7308059f95403b08d30ace0

  • SSDEEP

    1536:i2Fpvk7JknoDR58tXwL6cgue6rsgE8PU6ay8gTijXbw8UffA0wqkv675m8riTRix:i2FpvkNkgE8PU6ayBTiDbw8Ug0fkvwtD

Score
10/10

Malware Config

Extracted

Family

asyncrat

Version

AWS | 3Losh

Botnet

222

C2

orostoros.mywire.org:222

Mutex

NEW2222

Attributes
  • delay

    3

  • install

    false

  • install_folder

    %AppData%

aes.plain

Signatures

  • Async RAT payload 1 IoCs
  • Asyncrat family
  • Detects binaries embedding a considerable number of cryptocurrency wallet browser extension IDs. 1 IoCs
  • Detects file containing reversed ASEP Autorun registry keys 1 IoCs
  • Unsigned PE 1 IoCs

    Checks for missing Authenticode signature.
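
The "Unsigned PE" signature above only asks whether the image carries an embedded Authenticode blob at all. The check below is an added example (not code from the sandbox or from this report): it reads the IMAGE_DIRECTORY_ENTRY_SECURITY entry of the optional header data directory and inspects the WIN_CERTIFICATE header it points at. The minimal PE32 images it builds are constructed for the test and contain no real code or certificate; the DER bytes in the fake blob are placeholders. Presence is all this decides; validating the PKCS#7 content and the chain is a separate step.

```python
import struct

# Added example: decide whether a PE has an embedded Authenticode signature.
# The security data directory (index 4) stores a raw file offset and size of
# the WIN_CERTIFICATE table; both zero means the image is unsigned. This only
# checks presence and header shape, not signature validity.

IMAGE_DIRECTORY_ENTRY_SECURITY = 4
WIN_CERT_TYPE_PKCS_SIGNED_DATA = 0x0002
WIN_CERT_REVISION_2_0 = 0x0200


def security_directory(pe: bytes):
    """Return (file_offset, size) of the WIN_CERTIFICATE table, or (0, 0).

    Unlike the other data directories, the security entry holds a file
    offset rather than an RVA, so no section-to-file mapping is needed.
    """
    if len(pe) < 0x40 or pe[:2] != b"MZ":
        raise ValueError("not an MZ image")
    e_lfanew = struct.unpack_from("<I", pe, 0x3C)[0]
    if pe[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("PE signature not found")
    opt = e_lfanew + 24                      # skip "PE\0\0" + IMAGE_FILE_HEADER
    magic = struct.unpack_from("<H", pe, opt)[0]
    if magic == 0x10B:                       # PE32
        nrva_off, dd_off = opt + 92, opt + 96
    elif magic == 0x20B:                     # PE32+
        nrva_off, dd_off = opt + 108, opt + 112
    else:
        raise ValueError("unknown optional header magic 0x%X" % magic)
    if struct.unpack_from("<I", pe, nrva_off)[0] <= IMAGE_DIRECTORY_ENTRY_SECURITY:
        return (0, 0)                        # directory table too short to hold it
    return struct.unpack_from("<II", pe, dd_off + 8 * IMAGE_DIRECTORY_ENTRY_SECURITY)


def has_authenticode(pe: bytes) -> bool:
    """True if a well-formed WIN_CERTIFICATE of type PKCS_SIGNED_DATA is present."""
    off, size = security_directory(pe)
    if off == 0 or size < 8 or off + size > len(pe):
        return False                         # absent, or points outside the file
    length, revision, cert_type = struct.unpack_from("<IHH", pe, off)
    return (length <= size
            and revision == WIN_CERT_REVISION_2_0
            and cert_type == WIN_CERT_TYPE_PKCS_SIGNED_DATA)


def build_pe32(signed: bool) -> bytes:
    """Constructed minimal PE32 (hypothetical, no sections) for exercising the check."""
    e_lfanew = 0x40
    dos = b"MZ" + b"\0" * (0x3C - 2) + struct.pack("<I", e_lfanew)
    # Machine=i386, 0 sections, SizeOfOptionalHeader=224, Characteristics=EXE|32BIT
    file_hdr = struct.pack("<HHIIIHH", 0x14C, 0, 0, 0, 0, 224, 0x0102)
    opt = bytearray(224)
    struct.pack_into("<H", opt, 0, 0x10B)        # PE32 magic
    struct.pack_into("<I", opt, 92, 16)          # NumberOfRvaAndSizes
    hdr = bytearray(dos + b"PE\0\0" + file_hdr + bytes(opt))
    if not signed:
        return bytes(hdr)
    # Fake WIN_CERTIFICATE: dwLength, wRevision, wCertificateType, bCertificate
    blob = b"\x30\x82\x00\x04DEMO"               # placeholder DER, not a real PKCS#7
    cert = struct.pack("<IHH", 8 + len(blob), WIN_CERT_REVISION_2_0,
                       WIN_CERT_TYPE_PKCS_SIGNED_DATA) + blob
    cert += b"\0" * (-len(cert) % 8)             # table entries are 8-byte aligned
    entry = e_lfanew + 24 + 96 + 8 * IMAGE_DIRECTORY_ENTRY_SECURITY
    struct.pack_into("<II", hdr, entry, len(hdr), len(cert))
    return bytes(hdr) + cert


if __name__ == "__main__":
    import sys
    for path in sys.argv[1:]:
        with open(path, "rb") as f:
            print(path, "signed" if has_authenticode(f.read()) else "unsigned")
```

Run it against a sample on disk with `python check_authenticode.py sample.exe`. Because the security directory is a file offset, the check works on the raw file without mapping sections, which is also why appending data after the certificate table (or truncating it) breaks the offset+size bound the function enforces.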

Files

  • a95d9d340559a951d34529811a20ff4fe58f26a01cc6aa63b3ab20976fb954b6.exe
    .exe windows:4 windows x86 arch:x86

    f34d5f2d4577ed6d9ceec516c1f5a744
