General
-
Target
d242df7f2b38186e3ff903b28119c09883df033ba2519e9b5f19eb0652f78975.exe
-
Size
313KB
-
MD5
2aeeb429e9290526b96bf4b58b2411ad
-
SHA1
4b4527fbd51763b51d4acebcf157ba3bd5082ce1
-
SHA256
d242df7f2b38186e3ff903b28119c09883df033ba2519e9b5f19eb0652f78975
-
SHA512
8de691347446377838638dd97ab36ad4fbec672be0158451778901bf4ee62b6002f18fe06c7365b952d0650308eb78dadd9d338c91c67b181041807004c242cc
-
SSDEEP
6144:48XN6W8mmHPtppXPSi9b4qt3GPMVRSbfWraqe9s:FN6qatppXP1t3jcWraq
Score
10/10
Malware Config
Signatures
-
Async RAT payload 1 IoCs
-
Asyncrat family
-
Detect Xworm Payload 1 IoCs
-
Detects Windows executables referencing non-Windows User-Agents 1 IoCs
-
Detects binaries and memory artifacts referencing sandbox DLLs typically observed in sandbox evasion 1 IoCs
-
Detects executables attemping to enumerate video devices using WMI 1 IoCs
-
Detects executables containing URLs to raw contents of a Github gist 1 IoCs
-
Detects executables referencing Discord tokens regular expressions 1 IoCs
-
Detects executables referencing Windows vault credential objects. Observed in infostealers 1 IoCs
-
Detects executables referencing credit card regular expressions 1 IoCs
-
Detects executables referencing many VPN software clients. Observed in infosteslers 1 IoCs
-
Detects executables referencing many confidential data stores found in browsers, mail clients, cryptocurreny wallets, etc. Observed in information stealers 1 IoCs
-
Detects executables using Telegram Chat Bot 1 IoCs
-
Detects executables with interest in wireless interface using netsh 1 IoCs
-
Detects file containing reversed ASEP Autorun registry keys 1 IoCs
-
StormKitty payload 1 IoCs
-
Stormkitty family
-
Xworm family
-
Unsigned PE 1 IoCs
Checks for missing Authenticode signature.
Files
-
d242df7f2b38186e3ff903b28119c09883df033ba2519e9b5f19eb0652f78975.exe
f34d5f2d4577ed6d9ceec516c1f5a744
Headers
Imports
Sections