Analysis
-
max time kernel
141s -
max time network
146s -
platform
windows10-2004_x64 -
resource
win10v2004-20220812-en -
resource tags
arch:x64arch:x86image:win10v2004-20220812-enlocale:en-usos:windows10-2004-x64system -
submitted
02-02-2023 22:08
Behavioral task
behavioral1
Sample
bJwF.exe
Resource
win7-20221111-en
windows7-x64
5 signatures
150 seconds
General
-
Target
bJwF.exe
-
Size
47KB
-
MD5
5cd473ede67f1c61c1428ecc257dd895
-
SHA1
1fd8deb6ed79d968252cc8b83ad7713ea287c384
-
SHA256
07c0fec3a68cbddb707dc5782a6d87f556d15ecb122db19ec522bc7e17dfa1d8
-
SHA512
5d9e494ff112e6cb6598ed3a274c1b2ceb5c2c7c535f2a1d3577b11356d25c268656adbc0551d4ddb92e8a9c79cab203f2ae5f05629c11dd2560a8313e86d913
-
SSDEEP
768:p96mxUTILWCaS+DiMtelDSN+iV08YbygefsC2Gq9MvEgK/JnZVc6KN:p96AKWMtKDs4zb16lqGnkJnZVclN
Malware Config
Extracted
Family
asyncrat
Version
1.0.7
Botnet
Default
Mutex
gkAyQRdKkCButk6TyMAZ
Attributes
-
delay
1
-
install
false
-
install_folder
%AppData%
-
pastebin_config
https://pastebin.com/raw/FcHGaN0M
aes.plain
Signatures
-
Async RAT payload 1 IoCs
Processes:
resource yara_rule behavioral2/memory/4528-132-0x00000000001E0000-0x00000000001F2000-memory.dmp asyncrat -
Legitimate hosting services abused for malware hosting/C2 1 TTPs
-
Suspicious use of AdjustPrivilegeToken 1 IoCs
Processes:
bJwF.exedescription pid process Token: SeDebugPrivilege 4528 bJwF.exe