General
- Target: 63b427f3875eaf7475491877a49f71c5.zip
- Size: 185KB
- Sample: 240821-n8dl9axdqa
- MD5: abc1920cfba1af10e7f54affe065e74d
- SHA1: 4a7705c98cba13a518d72db0792768ba33b59df5
- SHA256: fe0f54c271c3e45ca11e05b597de2cdfa6c1bc85589233c3e21b14bb7424f290
- SHA512: 3d80d7ab3d4f5f93b25889ca37e9ea63ef671fe96ef209187b8a3982da153b838e502091b9752c44d09d2c3c7510850ed03db50b0d4e42ed5a7381c0381d944e
- SSDEEP: 3072:diE2chk+fDRhOvHiB5DCb1ptrx5y8nmELgd4viIeb/ixw5ua4avWviyyRTAcCt:diqhiQAZpw8Qb/ixKb4CyyREcCt

Static task
- static1

Behavioral task
- behavioral1
- Sample: 600ea8be786d5acc5fa71c8dd19297049a4e9f1fe6a597c2ebcc9785acd8bdd1.exe
- Resource: win10v2004-20240802-en

Behavioral task
- behavioral2
- Sample: 600ea8be786d5acc5fa71c8dd19297049a4e9f1fe6a597c2ebcc9785acd8bdd1.exe
- Resource: win11-20240802-en

Malware Config
- Extracted: asyncrat
- Default: 157.20.182.172:3232
- delay: 1
- install: false
- install_folder: %AppData%

Targets
- Target: 600ea8be786d5acc5fa71c8dd19297049a4e9f1fe6a597c2ebcc9785acd8bdd1.mal_
- Size: 331KB
- MD5: 63b427f3875eaf7475491877a49f71c5
- SHA1: 8d6a1d3ce30eec4284cc3303fdf12a22a12f2a82
- SHA256: 600ea8be786d5acc5fa71c8dd19297049a4e9f1fe6a597c2ebcc9785acd8bdd1
- SHA512: c9ee7f62f028aafe4a2753e50c61a1ae25816d586f6eb080d6ff20be0f7d27f8b5b384ad473625042e76b2e708cf0407e52d8a6fda5c9f1ffc0caf40a4636a3c
- SSDEEP: 6144:eEjIabdDyAnk2S5dE1hQqX9lecEEMH9O1BNI:eAIabd7nkc1h9X9Mo7I
- Suspicious use of NtCreateUserProcessOtherParentProcess
- Async RAT payload
- Credentials from Password Stores: Credentials from Web Browsers
  Malicious access to, or copying of, the web browser credential store.
- Accesses Microsoft Outlook profiles
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
- Looks up geolocation information via web service
  Uses a legitimate geolocation service to find the infected system's geolocation info.