General
Target: reversheshell b64 bat TO.exe
Size: 88KB
Sample: 250330-n9mxbax1ds
MD5: aa8d4f9a7cea9c7c8de61478ae5a7f81
SHA1: 5b8ce5f94b702731877e55822dfb505af4332fa6
SHA256: cb89e6fafecf411a75df6cb06b2302e8f3c9696232dbdff6b25b3d6bec635c91
SHA512: 2f54a16ad0a7a0ec8c6ea4f08cd28c587a6ac29421ec1433150e80e164d48bdd312480a86b15477deee4e11f3cf331823400a9fc858451fc4eaf59213577c982
SSDEEP: 1536:D7fPGykbOqjoHm4pICdfkLtAfupcWX50MxFY+yIOlnToIf3xP+:fq6+ouCpk2mpcWJ0r+QNTBf3B+
Static task
static1
Malware Config
Extracted
https://tinyurl.com/VIRGPLOAD
Extracted
Family: asyncrat
Version: 0.5.8
Botnet: Default
C2: holefo2785-22820.portmap.host:22820
C2: holefo2785-22820.portmap.host:6606
Mutex: Oma7kBAtvlxY
delay: 3
install: true
install_file: discord.exe
install_folder: %AppData%
Targets
Target: reversheshell b64 bat TO.exe
- Asyncrat family
- Async RAT payload
- Blocklisted process makes network request
- Executes dropped EXE