Analysis

  max time kernel: 127s
  max time network: 140s
  platform: windows7_x64
  resource: win7-20221111-en
  resource tags: arch:x64, arch:x86, image:win7-20221111-en, locale:en-us, os:windows7-x64, system
  submitted: 03-02-2023 16:09

Behavioral task: behavioral1

  Sample: bJyz.exe
  Resource: win7-20221111-en (windows7-x64)
  3 signatures
  150 seconds
General

  Target: bJyz.exe
  Size: 47KB
  MD5: 90631c5269980f1ea596b3c76974d262
  SHA1: 889a1edb9b462ed0d3a5cc8ecf0427696d6095c5
  SHA256: c40f3216652866e041fd154c38dab5f443f65da7e995e45ce473bf2662e2f7e4
  SHA512: c129df24c9302a9c0cae09cbe1a5c9efca3848719cc80e1801cf8ccdac9d1a714c03cb590446394e2e14ba16dc8bb8e7e6c1ae1110271dcf0896e08634cbb9cd
  SSDEEP: 768:dOEuILWCKi+DiBtelDSN+iV08YbygemmbbeUZvEgK/J9lZVc6KN:dOtmBtKDs4zb1CbeMnkJ3ZVclN
Malware Config (Extracted)

  Family: asyncrat
  Version: 1.0.7
  Botnet: Default
  C2: 20.197.196.201:7749
  Mutex: hAtBdUenfThOelUfgThs
  Attributes:
    delay: 1
    install: false
    install_folder: %AppData%
    aes.plain
Signatures

  Async RAT payload (1 IoC)
    Processes:
      resource: behavioral1/memory/1388-54-0x0000000001350000-0x0000000001362000-memory.dmp
      yara_rule: asyncrat

  Suspicious use of AdjustPrivilegeToken (1 IoC)
    Processes:
      description: Token: SeDebugPrivilege
      pid: 1388
      process: bJyz.exe
Downloads

  memory/1388-54-0x0000000001350000-0x0000000001362000-memory.dmp
    Filesize: 72KB