General
-
Target
mod_raenma.exe
-
Size
351KB
-
Sample
241223-mjebtaykgv
-
MD5
4be742cf9d626cd0e49ebd0f6673c5a3
-
SHA1
4b59ac80c7d3173322f6e9af9752152ba3ba8437
-
SHA256
c81e4314c2184685ea4bbb147a928fe6a3cc57f5498b8e311fb352b2f1055712
-
SHA512
e7772593e30e38f32ca6b760693a7574b9c87293021494dee8b182ce0813ddfd01a7e7de6030ea3be9391a2dbb6f8073d1d47db3c101764555f83416863161bc
-
SSDEEP
6144:zWsRLwBm74DJWy6mYrLC0m7tuGyqxLkMH9O1BNI:zBRLwBm2JWxBGyykMo7I
Static task
static1
Behavioral task
behavioral1
Sample
mod_raenma.exe
Resource
win7-20240729-en
Behavioral task
behavioral2
Sample
mod_raenma.exe
Resource
win10v2004-20241007-en
Malware Config
Extracted
asyncrat
DEC-feder.xyz
bahautopilotusatzfeder.xyz:2011
eichstaett.duckdns.org:2011
-
delay
1
-
install
false
-
install_folder
%AppData%
Targets
-
-
Target
mod_raenma.exe
-
Size
351KB
-
MD5
4be742cf9d626cd0e49ebd0f6673c5a3
-
SHA1
4b59ac80c7d3173322f6e9af9752152ba3ba8437
-
SHA256
c81e4314c2184685ea4bbb147a928fe6a3cc57f5498b8e311fb352b2f1055712
-
SHA512
e7772593e30e38f32ca6b760693a7574b9c87293021494dee8b182ce0813ddfd01a7e7de6030ea3be9391a2dbb6f8073d1d47db3c101764555f83416863161bc
-
SSDEEP
6144:zWsRLwBm74DJWy6mYrLC0m7tuGyqxLkMH9O1BNI:zBRLwBm2JWxBGyykMo7I
Score10/10-
Asyncrat family
-
Suspicious use of NtCreateUserProcessOtherParentProcess
-
Async RAT payload
-