General

  • Target

    Dllhost.exe

  • Size

    47KB

  • MD5

    87bc62c9412b158944dcd660b65c1fc9

  • SHA1

    bf2541d0537f58440738c9b6a8f43b3da95588cc

  • SHA256

    b324d1b19e6c6eff0efb46fbee13d56a71ecdf1f3891a30f3435ba671adf07f0

  • SHA512

    9d6b2c0b8e1768307b4a7f5ca4b6b6f5720b1882271ba666ff1e24b8560b77c47b478122abec5b6c660eb7acb74ec46818dc2ba373fdad999b1623e170ee82fd

  • SSDEEP

    768:AuwpFTAY3IQWUe9jqmo2qL8w92alD/NOaPIEbc8ZY40bNWVXgfOpcob01BDZjx:AuwpFTA4/2OtlrNOjEIwYzbN6XgWidbH

Score
10/10

Malware Config

Extracted

Family

asyncrat

Version

0.5.8

Botnet

Default

C2

4.tcp.eu.ngrok:17215

Mutex

KUvjRMJgonFa

Attributes
  • delay

    3

  • install

    true

  • install_file

    dllhost.exe

  • install_folder

    %AppData%

aes.plain

Signatures

  • Async RAT payload (1 IoC)
  • Asyncrat family
  • Unsigned PE (1 IoC)

    Checks for missing Authenticode signature.

Files

  • Dllhost.exe
    .exe windows:4 windows x86 arch:x86

    f34d5f2d4577ed6d9ceec516c1f5a744

