General

  • Target: 0b11ccb96e99cea6f7bc307695a2b94415728b005a516e551a4f1dee24dd6296.zip
  • Size: 18.2MB
  • MD5: eb4fdf877381161ccf014e26359fe018
  • SHA1: 4b8b5c72c0d808e4e1ea5f5b7795a6e18611607b
  • SHA256: 0b11ccb96e99cea6f7bc307695a2b94415728b005a516e551a4f1dee24dd6296
  • SHA512: 0e3389c65b0034586d50bf27180db2ab0a8d5f7924529dfadb3571978a3e9c6cc70fc3bcdb4a45fc049846b537d27ba1865c0106306f7960f315f7316e06f70f
  • SSDEEP: 393216:cZycN9W5dCUl+KeaAo7hVfRJRi/PymUOygldiyC7vlt/e/eBB3:cZyUaUUlm2vRa37N/ldeDl964B

Score
10/10

Malware Config

Extracted

Family

asyncrat

Version

RIMAWI 1.0.2.9

Botnet

(_!_D@YS_!_)

C2

127.0.0.1:36365

Mutex

AZSXDCFVGBHNqwertyui

Attributes
  • delay: 3
  • install: false
  • install_folder: %AppData%

aes.plain

Signatures

  • Asyncrat family
  • Unsigned PE (1 IoC): checks for missing Authenticode signature.

Files

  • 0b11ccb96e99cea6f7bc307695a2b94415728b005a516e551a4f1dee24dd6296.zip (.zip)
  • VideoVLC_Subtitle.ps1 (.ps1)
  • VideoVLC_subtitles.exe (.exe, windows:4, windows, x86, arch:x86), MD5 f34d5f2d4577ed6d9ceec516c1f5a744
