General
Target: Client.exe
Size: 52KB
Sample: 240623-ltqxxsxhnb
MD5: d1d4f10601fe63fd37d4bc3ba4d7ca7b
SHA1: f37fc02608c96ac28fcb92bb45956992893cffd9
SHA256: fe46aa3a0602d0d8bdd78d48f1a8ea6f0fca79717d2752a32dd9832eada9ac77
SHA512: 751f6720cffb91f3e47d51f060fa68e4ac5b44b425ef3a102efe1c26d66d49c872ffbb5e0ff58c56d7428e990f2e2b8aa35f2d092edcad0f86f904a6b94f8619
SSDEEP: 768:V9umxLiIL1CaS+DiMtelDSN+iV08YbygegFMKvmvEgK/JsR9e7OVc6KN:V9uAPWMtKDs4zb15FMImnkJs70OVclN
Behavioral task: behavioral1
Sample: Client.exe
Resource: win10v2004-20240611-en
Malware Config
Extracted
asyncrat
1.0.7
Default
127.0.0.1:8848
127.0.0.1:80
127.0.0.1:26181
lolimaginerattin24-26181.portmap.host:8848
lolimaginerattin24-26181.portmap.host:80
lolimaginerattin24-26181.portmap.host:26181
DcRatMutex_qwqdanchun
delay: 1
install: false
install_folder: %AppData%
Targets
Target: Client.exe
Score: 10/10
Renames multiple (3248) files with added filename extension
This suggests ransomware activity: encrypting all the files on the system.