Behavioral task: behavioral1
Sample: 2756-15-0x0000000000400000-0x0000000000416000-memory.exe
Resource: win7-20240221-en
Behavioral task: behavioral2
Sample: 2756-15-0x0000000000400000-0x0000000000416000-memory.exe
Resource: win10v2004-20240426-en
General
Target: 2756-15-0x0000000000400000-0x0000000000416000-memory.dmp
Size: 88KB
MD5: bda53707b7be1d275a34a35c1418738e
SHA1: 7ddeff832bc853a1cb0a2dfb9e698e90c003d111
SHA256: f45164fe98dc6474167ba756476d6f83b44bae1b3d7c36b487d6b15223696a71
SHA512: bfc46d65116d1178cc754598e4691a83e6cea3db978c836d08216325af9eed1260909d3683b2421332cb1f451f9ed4451aa1fe978ebea6337e6b774c8f4570ab
SSDEEP: 1536:42O7qF6t7EJr4Q4iMfd/1pbbpkvIdcQNs16TidTy/l/AKGpzPlbdKgRTk2kySbyV:42O7qF6t7EJsDiMfd/1pbbpkvIdcQNsh
Malware Config
Extracted
asyncrat
AWS | 3Losh
neq
goodone.loseyourip.com:6606
goodone.loseyourip.com:7707
goodone.loseyourip.com:8808
AsyncMutex_adnocxxs
delay: 3
install: false
install_folder: %AppData%
Signatures
Asyncrat family
Unsigned PE 1 IoCs
Checks for missing Authenticode signature.
resource 2756-15-0x0000000000400000-0x0000000000416000-memory.dmp
Files
2756-15-0x0000000000400000-0x0000000000416000-memory.dmp.exe windows:4 windows x86 arch:x86
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
Sections
.text Size: 61KB - Virtual size: 61KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rsrc Size: 2KB - Virtual size: 1KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 512B - Virtual size: 12B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ