Analysis
max time kernel: 121s
max time network: 190s
platform: windows7_x64
resource: win7v20210410
submitted: 26-07-2021 04:26

Static task: static1
Behavioral task: behavioral1
  Sample: 8380641D9A75AEC9212578CC41B2C36E.exe
  Resource: win7v20210410
  Platform: windows7_x64
0 signatures, 0 seconds
General
Target: 8380641D9A75AEC9212578CC41B2C36E.exe
Size: 93KB
MD5: 8380641d9a75aec9212578cc41b2c36e
SHA1: 0f2db1a76a406c0b02af0c6cf2ff62192e4ad9a6
SHA256: 38537d87fdf6fe7312659a6de2c91ba8b757f30d5f9d7b01a25c318e36f90402
SHA512: a67dfb553d585c021a600c1d61b00baf21debaf48aa608e7e1838e2929b101fd7b9073991adfdd46b93da50cee61a46a10327cc23ae4e83f06fc7334c3922b23
Malware Config
Extracted
Family: asyncrat
Version: 0.5.7B
C2:
  saikuzen-49289.portmap.io:9551
  saikuzen-49289.portmap.io:49289
Mutex: AsyncMutex_6SI8OkPnk
Attributes
  aes_key: NuHTqyQgBQNmXyWoebFcPZAMe2mEZBiZ
  anti_detection: false
  autorun: false
  bdos: false
  delay: Default
  host: saikuzen-49289.portmap.io
  hwid: 3
  install_file:
  install_folder: %AppData%
  mutex: AsyncMutex_6SI8OkPnk
  pastebin_config: null
  port: 9551,49289
  version: 0.5.7B
  aes.plain
Signatures
suricata: ET MALWARE Observed Malicious SSL Cert (AsyncRAT Server)
Async RAT payload (1 IoCs)
Processes:
  resource: behavioral1/memory/1304-62-0x0000000000150000-0x000000000015C000-memory.dmp
  yara_rule: asyncrat
Suspicious use of AdjustPrivilegeToken (1 IoCs)
Processes: 8380641D9A75AEC9212578CC41B2C36E.exe
  description: Token: SeDebugPrivilege
  pid: 1304
  process: 8380641D9A75AEC9212578CC41B2C36E.exe
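The extracted config and the behavioural signatures above are the usable output of this report: a C2 host with two ports, a mutex, an install folder and a process that requested SeDebugPrivilege. The following is an added example, not part of the sandbox report, showing how a detection engineer turns those values into host and network checks and runs them over telemetry. Two caveats a practitioner should carry along: the C2 host is a subdomain of portmap.io, a public port-forwarding service, so it names a relay account rather than the operator's own server; and AsyncMutex_6SI8OkPnk is the stock mutex from the public AsyncRAT source, so it identifies the family, not this particular operator. The key=value event lines below are constructed for the example and only loosely imitate Sysmon-style telemetry; the field names (type, pid, dst, dport, name, privilege) are assumptions of this example.

```python
"""Turn the sandbox-extracted AsyncRAT config into matchable IoCs and scan telemetry."""
import re

# Values copied from the extracted config and General sections of the report.
CONFIG = {
    "family": "asyncrat",
    "version": "0.5.7B",
    "host": "saikuzen-49289.portmap.io",   # portmap.io relay, not the operator's box
    "ports": [9551, 49289],
    "mutex": "AsyncMutex_6SI8OkPnk",        # AsyncRAT default mutex: family-level indicator
    "install_folder": "%AppData%",
    "sha256": "38537d87fdf6fe7312659a6de2c91ba8b757f30d5f9d7b01a25c318e36f90402",
}


def build_iocs(cfg):
    """Normalise the config into sets that event fields can be matched against."""
    host = cfg["host"].lower()
    return {
        "c2_endpoints": {(host, p) for p in cfg["ports"]},
        "c2_hosts": {host},
        "mutexes": {cfg["mutex"]},
        "hashes": {cfg["sha256"].lower()},
    }


# Constructed sample telemetry (assumed format, not taken from the report).
SAMPLE_EVENTS = """\
type=NetworkConnect pid=1304 image=C:\\Users\\victim\\AppData\\Roaming\\svc.exe dst=saikuzen-49289.portmap.io dport=9551
type=NetworkConnect pid=812 image=C:\\Windows\\explorer.exe dst=update.microsoft.com dport=443
type=MutexCreate pid=1304 name=AsyncMutex_6SI8OkPnk
type=MutexCreate pid=512 name=Global\\SomeOtherApp
type=TokenAdjust pid=1304 privilege=SeDebugPrivilege
type=NetworkConnect pid=1304 dst=SAIKUZEN-49289.PORTMAP.IO dport=49289
"""

KV = re.compile(r'(\w+)=("[^"]*"|\S+)')


def parse_event(line):
    """Parse one key=value line into a dict (quoted values allowed)."""
    return {k: v.strip('"') for k, v in KV.findall(line)}


def match_event(ev, iocs):
    """Return (indicator_kind, value) hits for one parsed event."""
    hits = []
    kind = ev.get("type")
    if kind == "NetworkConnect":
        host = ev.get("dst", "").lower()       # hostnames are case-insensitive
        try:
            port = int(ev.get("dport", -1))
        except ValueError:
            port = -1
        if (host, port) in iocs["c2_endpoints"]:
            hits.append(("c2_endpoint", f"{host}:{port}"))
        elif host in iocs["c2_hosts"]:
            # Same relay host on an unlisted port: still worth a look, lower confidence.
            hits.append(("c2_host_other_port", f"{host}:{port}"))
    elif kind == "MutexCreate":
        if ev.get("name") in iocs["mutexes"]:
            hits.append(("mutex", ev["name"]))
    elif kind == "TokenAdjust":
        # Reported by the sandbox for pid 1304; on its own this is low fidelity,
        # since many legitimate admin tools also enable SeDebugPrivilege.
        if ev.get("privilege") == "SeDebugPrivilege":
            hits.append(("sedebug", "SeDebugPrivilege"))
    return hits


def scan(text, cfg=CONFIG):
    """Scan newline-separated events and return a list of finding dicts."""
    iocs = build_iocs(cfg)
    findings = []
    for line in text.splitlines():
        if not line.strip():
            continue
        ev = parse_event(line)
        for kind, value in match_event(ev, iocs):
            findings.append({"pid": ev.get("pid"), "kind": kind, "value": value})
    return findings


def pids_with_both(findings):
    """PIDs that both created the AsyncRAT mutex and reached a configured C2 endpoint.
    Requiring both signals in one process is far stronger than either alone."""
    by_pid = {}
    for f in findings:
        by_pid.setdefault(f["pid"], set()).add(f["kind"])
    return sorted(p for p, kinds in by_pid.items()
                  if "mutex" in kinds and "c2_endpoint" in kinds)


if __name__ == "__main__":
    for f in scan(SAMPLE_EVENTS):
        print(f)
    print("high-confidence pids:", pids_with_both(scan(SAMPLE_EVENTS)))
```

The network check matches host and port as a pair because the config lists both ports explicitly; a hit on the relay host alone is kept as a separate, lower-confidence kind so it can be tuned independently. The hash set is built but not matched here, since the sample events carry no file hashes; wire it to whatever image-hash field your telemetry provides.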