General

  • Target

    2d2b207af1b1ad9dccb96a6c77c1be6994e69a4a1272db05b9b8239f1f9b68f7

  • Size

    63KB

  • MD5

    a07981dacdc37e2dcee6555cf89f504b

  • SHA1

    f3f2804e66b02e50e1cd402c7a534d886ea708b1

  • SHA256

    2d2b207af1b1ad9dccb96a6c77c1be6994e69a4a1272db05b9b8239f1f9b68f7

  • SHA512

    ddd3e5d010b8694569705b77455bfb524445d4e376ba01fe6cac3e9d7d79075e367c21c81a4fdb97413836cb1f60b54bca10e6fee478cee12c3c6610c39c0141

  • SSDEEP

    1536:0ZaJIKsnhKfMZ4JGbbpwlHhGPkpqKmY7:0nKOhfgGbbpaavz

Score
10/10

Malware Config

Extracted

Family

asyncrat

Version

ChuWaWa 5.2

Botnet

ChuWaWa

C2

stores-less.gl.at.ply.gg:7777

stores-less.gl.at.ply.gg:45080

31.173.170.243:7777

31.173.170.243:45080

Mutex

ChuWaWaRatMutex_penka

Attributes

  • delay

    1

  • install

    true

  • install_file

    RuntimeBroker.exe

  • install_folder

    %AppData%

aes.plain

Signatures

  • Async RAT payload 1 IoCs
  • Asyncrat family
  • Unsigned PE 1 IoCs

    Checks for missing Authenticode signature.

Files

  • 2d2b207af1b1ad9dccb96a6c77c1be6994e69a4a1272db05b9b8239f1f9b68f7
    .exe windows:4 windows x86 arch:x86

    f34d5f2d4577ed6d9ceec516c1f5a744
    Headers

    Imports

    Sections