Behavioral task: behavioral1
Sample: decode_43048329e6cd6df3e144e8592c1194cf0da5e9113653ea155e664cbcc08b4b27.exe
Resource: win7-20240903-en
General
Target: decode_43048329e6cd6df3e144e8592c1194cf0da5e9113653ea155e664cbcc08b4b27.exe
Size: 63KB
MD5: e9154e60abc1de35568af297a19089c4
SHA1: 229695bc5d602df1eab477e851f4db994701d91d
SHA256: 4529554d09a020003227f1d879f6e202604c5875b89b9c3088a32c65211182b5
SHA512: 64b7ed965059098a2eeb438d12d4bfa14fabecc42596d3586c726f44678b13a31b92c0cc834cf6688c12d41ec1ab770e207b218bb3c98223f3a700dde3be25c0
SSDEEP: 1536:hmImx6tX2kNff4sKu+UYF2Ij85b5APCxiNJrQTGtx:hm9x6tmkN7Ku+UYFw5b5xyJG+x
Malware Config
Extracted
asyncrat
| CRACKED BY https://t.me/xworm_v2
Server: ansj.duckdns.org:35770
AsyncMutex_6SI8OkPnk
delay: 3
install: false
install_folder: %AppData%
Signatures
Files
-
decode_43048329e6cd6df3e144e8592c1194cf0da5e9113653ea155e664cbcc08b4b27.exe.exe windows:4 windows x86 arch:x86
f34d5f2d4577ed6d9ceec516c1f5a744
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
Imports
mscoree
_CorExeMain
Sections
.text Size: 60KB - Virtual size: 59KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rsrc Size: 2KB - Virtual size: 1KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 512B - Virtual size: 12B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ