Analysis
-
max time kernel
121s -
max time network
190s -
platform
windows7_x64 -
resource
win7v20210410 -
submitted
26-07-2021 04:26
General
-
Target
8380641D9A75AEC9212578CC41B2C36E.exe
-
Size
93KB
-
MD5
8380641d9a75aec9212578cc41b2c36e
-
SHA1
0f2db1a76a406c0b02af0c6cf2ff62192e4ad9a6
-
SHA256
38537d87fdf6fe7312659a6de2c91ba8b757f30d5f9d7b01a25c318e36f90402
-
SHA512
a67dfb553d585c021a600c1d61b00baf21debaf48aa608e7e1838e2929b101fd7b9073991adfdd46b93da50cee61a46a10327cc23ae4e83f06fc7334c3922b23
Score
10/10
Malware Config
Extracted
Family
asyncrat
Version
0.5.7B
C2
saikuzen-49289.portmap.io:9551
saikuzen-49289.portmap.io:49289
Mutex
AsyncMutex_6SI8OkPnk
Attributes
-
aes_key
NuHTqyQgBQNmXyWoebFcPZAMe2mEZBiZ
-
anti_detection
false
-
autorun
false
-
bdos
false
-
delay
Default
-
host
saikuzen-49289.portmap.io
-
hwid
3
- install_file
-
install_folder
%AppData%
-
mutex
AsyncMutex_6SI8OkPnk
-
pastebin_config
null
-
port
9551,49289
-
version
0.5.7B
aes.plain
Signatures
-
AsyncRat
AsyncRAT is designed to remotely monitor and control other computers.
-
suricata: ET MALWARE Observed Malicious SSL Cert (AsyncRAT Server)
-
Async RAT payload 1 IoCs
-
Suspicious use of AdjustPrivilegeToken 1 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\8380641D9A75AEC9212578CC41B2C36E.exe"C:\Users\Admin\AppData\Local\Temp\8380641D9A75AEC9212578CC41B2C36E.exe"1⤵
- Suspicious use of AdjustPrivilegeToken
Network
MITRE ATT&CK Matrix
Replay Monitor
Loading Replay Monitor...
Downloads
-
memory/1304-60-0x0000000000C30000-0x0000000000C31000-memory.dmpFilesize
4KB
-
memory/1304-62-0x0000000000150000-0x000000000015C000-memory.dmpFilesize
48KB
-
memory/1304-63-0x000000001B470000-0x000000001B472000-memory.dmpFilesize
8KB