Analysis
-
max time kernel
44s -
max time network
146s -
platform
windows7_x64 -
resource
win7-20220901-en -
resource tags
-
submitted
05-12-2022 17:44
General
-
Target
f559c085934e6e7d98e6d520684196eb.exe
-
Size
45KB
-
MD5
f559c085934e6e7d98e6d520684196eb
-
SHA1
3a829e2faeaa5a48556770cc159a4e291a91a9c3
-
SHA256
198886528a13c0f7f03536bac4a5c449d3b21131887efa7595c9e9a56a2cfc0e
-
SHA512
7451ae89f1df93613069ea4056d9f23b1d8c71636487ee888b39e7887181b03c2f7183673468ead5fec2d0c50396b6545a623e6627a88f0268a68bab47d67f79
-
SSDEEP
768:SubrdT5UohzWUfpdBmo2qV6KjGKG6PIyzjbFgX3iUqaPkMapBDZHx:SubrdT5Pf2FKYDy3bCXSUqQE3dHx
Malware Config
Extracted
asyncrat
0.5.7B
Default
127.0.0.1:6606
127.0.0.1:7707
127.0.0.1:8808
127.0.0.1:51115
127.0.0.1:26993
127.0.0.1:19624
185.246.220.26:6606
185.246.220.26:7707
185.246.220.26:8808
185.246.220.26:51115
185.246.220.26:26993
185.246.220.26:19624
5.tcp.ngrok.io:6606
5.tcp.ngrok.io:7707
5.tcp.ngrok.io:8808
5.tcp.ngrok.io:51115
5.tcp.ngrok.io:26993
5.tcp.ngrok.io:19624
disownnet.duckdns.org:6606
disownnet.duckdns.org:7707
-
delay
3
-
install
false
-
install_file
services.exe
-
install_folder
%AppData%
Signatures
-
AsyncRat
AsyncRAT is designed to remotely monitor and control other computers.
-
Async RAT payload ⋅ 1 IoCs
-
Suspicious use of AdjustPrivilegeToken ⋅ 1 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\f559c085934e6e7d98e6d520684196eb.exePID:1280"C:\Users\Admin\AppData\Local\Temp\f559c085934e6e7d98e6d520684196eb.exe"Suspicious use of AdjustPrivilegeToken
Network
MITRE ATT&CK Matrix
Collection
Command and Control
Credential Access
Defense Evasion
Discovery
Execution
Exfiltration
Impact
Initial Access
Lateral Movement
Persistence
Privilege Escalation
Replay Monitor
Downloads
-
memory/1280-54-0x0000000000D60000-0x0000000000D72000-memory.dmpFilesize
72KB
-
memory/1280-55-0x0000000075601000-0x0000000075603000-memory.dmpFilesize
8KB