Overview

overview

10

Static

static

f6811579d0...9a.exe

windows7-x64

10

f6811579d0...9a.exe

windows10-2004-x64

10

Analysis

  • max time kernel
    151s
  • max time network
    136s
  • platform
    windows7_x64
  • resource
    win7-20221111-en
  • resource tags

    arch:x64arch:x86image:win7-20221111-enlocale:en-usos:windows7-x64system
  • submitted
    30-11-2022 15:04

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    f6811579d05e934ddc738eef47f1cce11329b4adb926247551ca37540f4ad99a.exe

  • Size

    408KB

  • MD5

    bc756741f3c49592e4ab0646b91dc398

  • SHA1

    d47282b28c6dc3240978d4105e779f1d05b6a6e3

  • SHA256

    f6811579d05e934ddc738eef47f1cce11329b4adb926247551ca37540f4ad99a

  • SHA512

    d11e1998cfa9dd81b9940994411990f442835ce92d6177c180df027caa520753d01188e75794d885ca5a01b249129c8929a95c9082de161eee66ca5aedc9979e

  • SSDEEP

    6144:Qtd3F/h3SXnmtWrnngnnnKnanlywwwBwwA5wwwwswww+wwwGwwwbwwwLwwwwwwwu:Q/F/hCWtWrnngnnnKnanx4Y

Score
10/10
asyncratrat

Malware Config

Extracted

Family

asyncrat

Version

0.5.6B

C2

127.0.0.1:8808

googledrive.dynu.net:8808

googledrive.linkpc.net:8808

googledrive.myftp.org:8808
Mutex

fhjghjdfgvcbndfgdfg

Attributes
  • delay

    5

  • install

    false

  • install_folder

    %AppData%

aes.plain

Signatures

  • AsyncRat

    AsyncRAT is designed to remotely monitor and control other computers.

    ratasyncrat
  • Async RAT payload 6 IoCs
    rat
  • Suspicious use of SetThreadContext 1 IoCs
  • Suspicious use of WriteProcessMemory 9 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\f6811579d05e934ddc738eef47f1cce11329b4adb926247551ca37540f4ad99a.exe
    "C:\Users\Admin\AppData\Local\Temp\f6811579d05e934ddc738eef47f1cce11329b4adb926247551ca37540f4ad99a.exe"
    1⤵
    • Suspicious use of SetThreadContext
    • Suspicious use of WriteProcessMemory
    PID:1868
    • C:\Users\Admin\AppData\Local\Temp\f6811579d05e934ddc738eef47f1cce11329b4adb926247551ca37540f4ad99a.exe
      "C:\Users\Admin\AppData\Local\Temp\f6811579d05e934ddc738eef47f1cce11329b4adb926247551ca37540f4ad99a.exe"
      2⤵
        PID:1620

    Network

    MITRE ATT&CK Matrix

    Replay Monitor

    Loading Replay Monitor...

    Downloads

    • memory/1620-58-0x0000000000400000-0x0000000000412000-memory.dmp
      Filesize

      72KB

      Download
    • memory/1620-57-0x0000000000400000-0x0000000000412000-memory.dmp
      Filesize

      72KB

      Download
    • memory/1620-60-0x0000000000400000-0x0000000000412000-memory.dmp
      Filesize

      72KB

      Download
    • memory/1620-61-0x0000000000400000-0x0000000000412000-memory.dmp
      Filesize

      72KB

      Download
    • memory/1620-62-0x0000000000400000-0x0000000000412000-memory.dmp
      Filesize

      72KB

      Download
    • memory/1620-63-0x000000000040C25E-mapping.dmp
      Download
    • memory/1620-65-0x0000000000400000-0x0000000000412000-memory.dmp
      Filesize

      72KB

      Download
    • memory/1620-67-0x0000000000400000-0x0000000000412000-memory.dmp
      Filesize

      72KB

      Download
    • memory/1868-54-0x0000000000E10000-0x0000000000E7C000-memory.dmp
      Filesize

      432KB

      Download
    • memory/1868-55-0x00000000757E1000-0x00000000757E3000-memory.dmp
      Filesize

      8KB

      Download
    • memory/1868-56-0x00000000005D0000-0x00000000005E4000-memory.dmp
      Filesize

      80KB

      Download