General
- Target: ms.bin
- Size: 1.0MB
- Sample: 210717-pwgj24xvcx
- MD5: dbbb611daf3abd47972ae4faf5d54c95
- SHA1: 1b33772f2acc9e6673a2922587b00db86f5fba01
- SHA256: d5a8b6cb7b39d6f71ce67c6c8e17030079f2778087ee12c0ad45bd823f7bd53c
- SHA512: 140b2d0d6ac049943f5f2c8e3bfa7ca1ad773b0878cf92f825baa2769930d068b6b2601786f94f40daf15f199b2cb9b6ce6c016130025e5f04a103ee78b06bb9
Behavioral task
- behavioral1
- Sample: ms.bin.exe
- Resource: win7v20210408
Malware Config
Extracted: asyncrat 0.5.7B (null:null, Mutex_6SI8OkPnk)
- aes_key: ZgOTIhSVzSTSosv4ITYrzailHXWOHyEM
- anti_detection: true
- autorun: true
- bdos: false
- delay: SWARM-SHOP
- host: null
- hwid: 20
- install_file:
- install_folder: %AppData%
- mutex: Mutex_6SI8OkPnk
- pastebin_config: https://pastebin.com/raw/VTByvKGM
- port: null
- version: 0.5.7B
Targets
- Target: ms.bin
- Size: 1.0MB (MD5, SHA1, SHA256 and SHA512 as listed under General)
- Async RAT payload
- Executes dropped EXE
- Loads dropped DLL
- Legitimate hosting services abused for malware hosting/C2