General

  • Target

    cab2ada39e0f2598b71fcc7285104fd686395c9c38dc4a307d0fb104578a04a1

  • Size

    48KB

  • MD5

    89e08f42736cac8b697ffda76d4f2d73

  • SHA1

    f51cfed16178cb0baeb89a3e86a3d0d4c663d70e

  • SHA256

    cab2ada39e0f2598b71fcc7285104fd686395c9c38dc4a307d0fb104578a04a1

  • SHA512

    d8d073e467a54b2556015702d49af91c68f0febf2d61247f9a9c54e9ebcaa7099446f99a3c70349e4a629a46dba2796bdc78f54e9a692166cd11bd8cf43dd69d

  • SSDEEP

    768:quqJ1TUo0+Q4WUmmjSmo2qMk9h1qpzm/kPI5V5YDZeU0bL28s189HX6PEW/haoyp:quqJ1TU2e2yam/J5V5Y8bL25UHKceHdM

Score
10/10

Malware Config

Extracted

Family

asyncrat

Version

0.5.8

Botnet

Default

C2

37.112.34.178:1070

Mutex

gnRQgC1xq8fz

Attributes
  • delay

    3

  • install

    true

  • install_file

    MoUsoCoreWorker.exe

  • install_folder

    %AppData%

aes.plain

Signatures

  • Async RAT payload 1 IoCs
  • Asyncrat family
  • Unsigned PE 1 IoCs

    Checks for missing Authenticode signature.

Files

  • cab2ada39e0f2598b71fcc7285104fd686395c9c38dc4a307d0fb104578a04a1
    .exe windows:4 windows x86 arch:x86

    f34d5f2d4577ed6d9ceec516c1f5a744

