Analysis
-
max time kernel
117s -
max time network
117s -
platform
windows7_x64 -
resource
win7-en-20211208 -
submitted
25-01-2022 16:01
General
-
Target
b95cb76cec0b0c88a409403518559fb3.exe
-
Size
153KB
-
MD5
b95cb76cec0b0c88a409403518559fb3
-
SHA1
7692607a52ada1a447913d1990628c13e22f4b04
-
SHA256
ba2c8fcdef3c1675e57b94c9a7b04088a68d98110cf1ddf509eae437f731b138
-
SHA512
33fa4970b8d272209a39c1afe23f601f4dd146596cb28e2f830df8328ba2d4455ae801817062405148e6b5faae4773828e674740cc65bf46f37a7c5a99d4bc79
Score
10/10
Malware Config
Extracted
Family
asyncrat
Version
1.0.7
Botnet
Default
C2
null:null
Mutex
DcRatMutex
Attributes
-
anti_vm
false
-
bsod
true
-
delay
1
-
install
true
-
install_file
RuntimeBroker.exe
-
install_folder
%AppData%
-
pastebin_config
https://pastebin.com/raw/SctPUR4x
aes.plain
Signatures
-
AsyncRat
AsyncRAT is designed to remotely monitor and control other computers.
-
Async RAT payload 1 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\b95cb76cec0b0c88a409403518559fb3.exe"C:\Users\Admin\AppData\Local\Temp\b95cb76cec0b0c88a409403518559fb3.exe"1⤵
Network
MITRE ATT&CK Matrix
Replay Monitor
Loading Replay Monitor...
Downloads
-
memory/1560-54-0x0000000000D20000-0x0000000000D4C000-memory.dmpFilesize
176KB
-
memory/1560-55-0x000000001BBD0000-0x000000001BBD2000-memory.dmpFilesize
8KB
-
memory/1560-56-0x0000000000D10000-0x0000000000D18000-memory.dmpFilesize
32KB
-
memory/1560-57-0x000000001BBD6000-0x000000001BBF5000-memory.dmpFilesize
124KB
-
memory/1560-58-0x0000000002220000-0x0000000002236000-memory.dmpFilesize
88KB
-
memory/1560-60-0x000000001BBF5000-0x000000001BBF6000-memory.dmpFilesize
4KB
-
memory/1560-59-0x00000000021C0000-0x00000000021DA000-memory.dmpFilesize
104KB
-
memory/1560-61-0x000000001BBF8000-0x000000001BBFA000-memory.dmpFilesize
8KB
-
memory/1560-62-0x000000001BBFA000-0x000000001BBFB000-memory.dmpFilesize
4KB