Behavioral task: behavioral1
Sample: 2cb3ccdd4a695657e2a4a73147070f2c724d3ec1e9b1febddc4774643eeaa044.exe
Resource: win7-20240220-en
General
Target: 2cb3ccdd4a695657e2a4a73147070f2c724d3ec1e9b1febddc4774643eeaa044
Size: 47KB
MD5: c6f6dc7bba217c28483bf2d105cbfad2
SHA1: e09f5fb55ee7c3709c310d0882437ccc95d14acf
SHA256: 2cb3ccdd4a695657e2a4a73147070f2c724d3ec1e9b1febddc4774643eeaa044
SHA512: 60d7cc4f0a9538b677a7ee71553ce0ea95d0225e68d60ea36ed931a3e6f6200a0b1ff5e77e1b9b488e1879b5d843f82a3893acf451977702dd154e649049c2a3
SSDEEP: 768:4u1a71T3EiJfWUzDydmo2qz/0KuKbYWiDOQtPI9aygOB0KK60bNEyklQR/MVG4D7:4u1a71T3xq2+0KADXK9aC0KKlbNEXQR2
Malware Config
Extracted: asyncrat
0.5.8
Default
Y27AkfNWf4he
delay: 3
install: true
install_file: Solara.exe
install_folder: %AppData%
pastebin_config: https://pastebin.com/raw/UpAYSpm6
Signatures
Async RAT payload (1 IoCs)
Processes: resource: sample, yara_rule: family_asyncrat
Asyncrat family
Detects file containing reversed ASEP Autorun registry keys (1 IoCs)
Processes: resource: sample, yara_rule: INDICATOR_SUSPICIOUS_EXE_ASEP_REG_Reverse
Unsigned PE (1 IoCs)
Checks for missing Authenticode signature.
Processes: resource: 2cb3ccdd4a695657e2a4a73147070f2c724d3ec1e9b1febddc4774643eeaa044
Files
2cb3ccdd4a695657e2a4a73147070f2c724d3ec1e9b1febddc4774643eeaa044.exe (windows:4, windows x86, arch:x86)
f34d5f2d4577ed6d9ceec516c1f5a744
Headers
DLL Characteristics: IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE, IMAGE_DLLCHARACTERISTICS_NX_COMPAT, IMAGE_DLLCHARACTERISTICS_NO_SEH, IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics: IMAGE_FILE_EXECUTABLE_IMAGE, IMAGE_FILE_32BIT_MACHINE
Imports
mscoree: _CorExeMain
Sections
.text (Size: 44KB, Virtual size: 44KB): IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
.rsrc (Size: 2KB, Virtual size: 1KB): IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
.reloc (Size: 512B, Virtual size: 12B): IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_READ