General
Target: NoSkillCC_Temp.exe
Size: 297KB
Sample: 240624-zbry6a1hpf
MD5: 94af49da910c1e7f6ecea26e5f0c400e
SHA1: 2090d0904749d1b7920f8c07e72b48b93781c28a
SHA256: 227a542a8b48d63e4f0ef00fe8c62d352db0587d58b293a50823cf89645ee66a
SHA512: e587e88accd2fabfcb823dfcfbb4649b8dc21366bafc2dc9d1a99cf35087159c6ee697afee6fcaa00075344897edd6c67d086624322e05209045e4abc0abae33
SSDEEP: 6144:tJt4TzCtQW7zWMf5SjbFj3YoZZ0fmBDpBjRp605GRgrMsK:p4ABf56lD+fwvRp605GRy
Static task
static1
Malware Config
Extracted
asyncrat
Default
147.185.221.16:4040
127.0.0.1:4040
delay: 1
install: false
install_folder: %AppData%
Extracted
asyncrat
1.0.7
Default
testdamahe.duckdns.org:8848
aghahgiuaehgiueahiguahieghahgiahgiaehgiueaghaiug
delay: 1
install: false
install_folder: %AppData%
Targets
Target: NoSkillCC_Temp.exe
Async RAT payload
Executes dropped EXE
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.