General
- Target: IDAT_final_payload_bkvkt.bin
- Size: 66KB
- MD5: 51f610e5dd132c3a4c75e0a3b03ad1e8
- SHA1: 487cb274115d58df427b787ccd2bcda81da571e5
- SHA256: 858bc1d6ff8edcedb9ecd23e6390134d40073d4c22e15f8639b394148e07ebd5
- SHA512: 0094a2721ed342d602561a8188d130538f9c27f91c5cd042e7f02613c28abdc94169b296cb42d9031799730c239f94543c2104791a813fa935268756357a5533
- SSDEEP: 1536:imImx6tX2kNff4sKu+UYFsy3XR+zb7wohYH4VcfrPlTGFxkPP0:im9x6tmkN7Ku+UYFFReb7l6duxd
Malware Config
Extracted
asyncrat
| CRACKED BY https://t.me/xworm_v2
Default
envio202409sep.duckdns.org:3030
AsyncMutex_6SI8OkPnk
- delay: 3
- install: false
- install_folder: %AppData%
Signatures
Files
- IDAT_final_payload_bkvkt.bin.exe windows:4 windows x86 arch:x86
f34d5f2d4577ed6d9ceec516c1f5a744
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
Imports
mscoree
_CorExeMain
Sections
.text Size: 63KB - Virtual size: 62KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rsrc Size: 2KB - Virtual size: 1KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 512B - Virtual size: 12B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ