Overview

overview

10

Static

static

net5.exe

windows7_x64

10

net5.exe

windows10_x64

10

Analysis

  • max time kernel
    38s
  • max time network
    151s
  • platform
    windows10_x64
  • resource
    win10v20210410
  • submitted
    21-07-2021 13:05

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    net5.exe

  • Size

    766KB

  • MD5

    c094c57d960c5db1a798911c59cb9c91

  • SHA1

    daa83187c52c8fd8349e2525cc0754ccdc023fd0

  • SHA256

    4780ad66fe081922301a8a90ca01d2e30c6bd5cfcfbe3d768773e8cf86e864df

  • SHA512

    c11437aa95c3588cca5cb6da12fb7a46b3c01b408d8673174f1df85e5bc29471d303adc997cd873d80045765a38c75daa0fc94217f6a25003cbbc160ea5a6f3b

Score
10/10
asyncratrat

Malware Config

Extracted

Family

asyncrat

Version

0.5.7A

C2

mysubdomain873.duckdns.org:600

Mutex

AsyncMutex_6SI8OkPnk

Attributes
  • aes_key

    6ARSUbK1J7i0ZiDwHtKhtGLRoDs9BiV3

  • anti_detection

    false

  • autorun

    false

  • bdos

    false

  • delay

    Default

  • host

    mysubdomain873.duckdns.org

  • hwid

    1

  • install_file

  • install_folder

    %AppData%

  • mutex

    AsyncMutex_6SI8OkPnk

  • pastebin_config

    null

  • port

    600

  • version

    0.5.7A

aes.plain

Signatures

  • AsyncRat

    AsyncRAT is designed to remotely monitor and control other computers.

    ratasyncrat
  • Async RAT payload 2 IoCs
    rat
  • Suspicious use of SetThreadContext 1 IoCs
  • Suspicious use of AdjustPrivilegeToken 1 IoCs
  • Suspicious use of SetWindowsHookEx 1 IoCs
  • Suspicious use of WriteProcessMemory 8 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\net5.exe
    "C:\Users\Admin\AppData\Local\Temp\net5.exe"
    1⤵
    • Suspicious use of SetThreadContext
    • Suspicious use of SetWindowsHookEx
    • Suspicious use of WriteProcessMemory
    PID:4016
    • C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe
      "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe"
      2⤵
      • Suspicious use of AdjustPrivilegeToken
      PID:1736

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

  • memory/1736-116-0x0000000000400000-0x0000000000412000-memory.dmp
    Filesize

    72KB

    Download
  • memory/1736-117-0x000000000040C74E-mapping.dmp
    Download
  • memory/1736-120-0x0000000005170000-0x0000000005171000-memory.dmp
    Filesize

    4KB

    Download
  • memory/1736-121-0x0000000005AD0000-0x0000000005AD1000-memory.dmp
    Filesize

    4KB

    Download
  • memory/1736-122-0x0000000006070000-0x0000000006071000-memory.dmp
    Filesize

    4KB

    Download
  • memory/1736-123-0x0000000005BE0000-0x0000000005BE1000-memory.dmp
    Filesize

    4KB

    Download
  • memory/1736-124-0x0000000006B30000-0x0000000006B31000-memory.dmp
    Filesize

    4KB

    Download
  • memory/1736-125-0x0000000006AB0000-0x0000000006B29000-memory.dmp
    Filesize

    484KB

    Download
  • memory/1736-126-0x0000000006C10000-0x0000000006C11000-memory.dmp
    Filesize

    4KB

    Download
  • memory/1736-127-0x0000000006D10000-0x0000000006D11000-memory.dmp
    Filesize

    4KB

    Download
  • memory/1736-128-0x0000000006C80000-0x0000000006C84000-memory.dmp
    Filesize

    16KB

    Download
  • memory/1736-129-0x00000000070D0000-0x000000000715D000-memory.dmp
    Filesize

    564KB

    Download
  • memory/1736-130-0x0000000007260000-0x00000000072B9000-memory.dmp
    Filesize

    356KB

    Download
  • memory/1736-131-0x00000000072C0000-0x00000000072C1000-memory.dmp
    Filesize

    4KB

    Download