General

  • Target

    spoofer-unlink.exe

  • Size

    63KB

  • MD5

    49a5f1932378fabb00711adf84d5582d

  • SHA1

    1006e995a77d51759c8f58c901e4a3556a4a2170

  • SHA256

    4ea1569208dbd652ec6bef2f841e17f82b708110edbfbb853961d35c364a7108

  • SHA512

    08d4c7ee8935b9ee2c0cd74f1dd49bc6ef58c7ff62fdd1a91b73fa0c157fc28d903a3c70f467ba6f979cc49bb4b959bef67669056998597311f25da96c0c7b61

  • SSDEEP

    1536:feQPcLwiTUz5mYUb7v9aLfBlHG0uwdpqKmY7:feDcmUMYUb7oBIyGz

Score
10/10

Malware Config

Extracted

Family

asyncrat

Botnet

Default

C2

0.tcp.eu.ngrok.io13746:13746

Attributes
  • delay

    1

  • install

    true

  • install_file

    spoofer.exe

  • install_folder

    %AppData%

aes.plain

Signatures

  • Async RAT payload (1 IoC)
  • Asyncrat family
  • Unsigned PE (1 IoC)

    Checks for missing Authenticode signature.

Files

  • spoofer-unlink.exe
    .exe windows:4 windows x86 arch:x86

    f34d5f2d4577ed6d9ceec516c1f5a744

