General
-
Target
OFICIOS ENTREGADOS RAD. N° 2532-4231-23.exe
-
Size
28KB
-
Sample
241023-2gfjesvcpq
-
MD5
aa94d5a49336a03c813b9c11915754ff
-
SHA1
0888037069f0b97666686cdd2a35a546cc8ae094
-
SHA256
262cc13c53fffb6f35e5b882ab2358bb8bcafbdba9eeb3d62eeb759e7f064fd7
-
SHA512
3d1f16139d536cdbb0e2b86e438eb21effebbbea98e4419f46c435499eb9ebae8d537b145e3c611acc81868cbaa299dafc2f525b5cbd121514dc579b3eb8da85
-
SSDEEP
384:+8r639p6q9UZLEvqedkn6PLMUAvZmF/FHiFfyuWaQhBGeVlffffffgz:96kLEvqenVMJWaKPu
Static task
static1
Malware Config
Extracted
asyncrat
1.0.7
octubre 9
dcmen09.duckdns.org:6000
firewalljegjgghfyfyfyksklddhcmsjgkeedhkio
-
delay
10
-
install
false
-
install_file
defender
-
install_folder
%AppData%
Targets
-
-
Target
OFICIOS ENTREGADOS RAD. N° 2532-4231-23.exe
-
Obfuscated with Agile.Net obfuscator
Detects use of the Agile.Net commercial obfuscator, which is capable of entity renaming and control flow obfuscation.
-
Adds Run key to start application
-
Suspicious use of SetThreadContext
-