General
Target: new.bat
Size: 4KB
Sample: 241216-vx5d6axjbq
MD5: b79e56969d36c4b969bbe1623142e74a
SHA1: a7bcc5273b86e75dad66fed8fab1ec546ffa3bfd
SHA256: 6eb141225c4e4bfe3c347cac44b939ef697616b32e7d3646d6944210d99d0960
SHA512: fb9df37d81d5a9e8fa4500db392df29c4e7e8017cb9705277da7e1a2f0eb3b9df529c657174488998ba5cb82fb51149d31e666190c6de7e86773ac8e7711a356
SSDEEP: 96:EDONgDQ901HqmgGM5olT539rHZdrMkSKHUEeW05qy:EDpDe01HqGO5j
Static task: static1
Behavioral task: behavioral1
Sample: new.bat
Resource: win7-20240729-en
Malware Config
Extracted
asyncrat
Default
sdanarchynd.duckdns.org:7878
delay: 1
install: false
install_folder: %AppData%
Extracted
asyncrat
0.5.7B
Default
soasyncb.duckdns.org:6745
AsyncMutex_6SI8OkPnk
delay: 3
install: false
install_folder: %AppData%
Targets
Asyncrat family
Suspicious use of NtCreateUserProcessOtherParentProcess
Async RAT payload
Blocklisted process makes network request
Executes dropped EXE
Loads dropped DLL
Enumerates processes with tasklist