General
-
Target
test12.exe
-
Size
78KB
-
MD5
923c5ef2fb6b5bdeb99706351f91f363
-
SHA1
4aa5656493678888133ee0bbf841c2d040c4b125
-
SHA256
04b3ce6b72aa20cdbf2aa85bc0e8dbdd694540fb03d535c813db10766700eb6f
-
SHA512
d46a85b1c93b6eec45a5260943bddff82c9e836ac79d853dba8c5a21657a8d329e7262cd5ee3e517595628c41a04a881eee4d07f5f52478a6ef60b4a4920c096
-
SSDEEP
1536:kU+ScxObfCCMPMVnCs6ta/I6H1bT/WQSQBQzcW3VclNQ:kU9cxOj5MPMVnCoVH1bT2UQflY+
Score
10/10
Malware Config
Extracted
Family
asyncrat
Version
Venom RAT + HVNC + Stealer + Grabber v6.0.3
Botnet
DontDel
C2
94.232.249.235:4449
94.232.249.235:13001
Mutex
rzdefgskseo
Attributes
-
delay
1
-
install
true
-
install_file
powershell -Command "Add-MpPreference -ExclusionPath \"$env:APPDATA\test.exe\"".exe
-
install_folder
%AppData%
aes.plain
Signatures
-
Asyncrat family
-
Unsigned PE 1 IoCs
Checks for missing Authenticode signature.
Files
-
test12.exe
Headers
Sections