General

  • Target

    Gordo.exe

  • Size

    48KB

  • MD5

    aa0247f8741c552546222fdad06250b9

  • SHA1

    5f6b077a7bac94f78902f68fd106d2b6745dfa2e

  • SHA256

    f2e1954b5f79826cb951501f9cd9bbea4daee699c22b8361be5babd375e85396

  • SHA512

    b9d19fd2bd99282ad9947d42b47428ae1bd06d6f433033e6b2f256f4b8e23aa659378f4268ca664cf59a6f16b5e00950d965a1c37cb6fd5764ea2ab8825a2d26

  • SSDEEP

    768:JCmxILNJ/j+MiKgliW+8Ybgg/yFrGIZvEgK/JsZVc6KN:JCr0NMzbH4lZnkJsZVclN

Score

  • 10/10

Malware Config

Extracted

  • Family

    asyncrat

  • Version

    1.0.7

  • Botnet

    Default

  • C2

    127.0.0.1:8080
    127.0.0.1:53117
    playing-zoloft.gl.at.ply.gg:8080
    playing-zoloft.gl.at.ply.gg:53117
    KableHere-53117.portmap.host:8080
    KableHere-53117.portmap.host:53117

  • Mutex

    DcRatMutex_qwqdanchun

  • Attributes

    • delay

      1

    • install

      false

    • install_folder

      %AppData%

  • aes.plain

Signatures

  • Async RAT payload (1 IoC)
  • Asyncrat family
  • Unsigned PE (1 IoC)

    Checks for missing Authenticode signature.

Files

  • Gordo.exe
    .exe windows:4 windows x86 arch:x86

    f34d5f2d4577ed6d9ceec516c1f5a744
