Overview

overview

10

Static

static

10

OTP_BOT202...22.exe

windows10-2004-x64

10

Analysis

  • max time kernel
    30s
  • max time network
    33s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20220901-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20220901-enlocale:en-usos:windows10-2004-x64system
  • submitted
    05-02-2023 16:46

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    OTP_BOT2022/OTP_BOTv22.exe

  • Size

    259KB

  • MD5

    fa19070c61d193fbb49938c6b9116d08

  • SHA1

    a7ca45c54edc96afa05954c6a31db093ce17f244

  • SHA256

    283a885196ca1fab367fdbcbee9cec2d1cc0f5e0d8be02e86dac47fb0dd4702d

  • SHA512

    c2a5cbb0cba0da77ca1db0725a36619e990ef792dcbf88e0ccd9a0650de0247cefb3d67b51565bacee2255bf3ea15517d825a330e24dad8a97718e780fa98874

  • SSDEEP

    6144:tdzbpmVzABPq4JHHViNWxcY1eW2mW0cs:tdHr

Score
10/10
asyncratdefaultrat

Malware Config

Extracted

Family

asyncrat

Version

1.0.7

Botnet

Default

C2

127.0.0.1:6666

Mutex

DcRatMutex_qwqdanchun

Attributes
  • delay

    1

  • install

    false

  • install_folder

    %AppData%

aes.plain

Signatures

  • AsyncRat

    AsyncRAT is designed to remotely monitor and control other computers.

    ratasyncrat
  • Async RAT payload 1 IoCs
    rat

Processes

  • C:\Users\Admin\AppData\Local\Temp\OTP_BOT2022\OTP_BOTv22.exe
    "C:\Users\Admin\AppData\Local\Temp\OTP_BOT2022\OTP_BOTv22.exe"
    1⤵
      PID:3392

    Network

    MITRE ATT&CK Matrix

    Replay Monitor

    Loading Replay Monitor...

    Downloads

    • memory/3392-132-0x0000000000230000-0x0000000000276000-memory.dmp
      Filesize

      280KB

      Download
    • memory/3392-133-0x00007FFFC9CB0000-0x00007FFFCA771000-memory.dmp
      Filesize

      10.8MB

      Download
    • memory/3392-134-0x00007FFFC9CB0000-0x00007FFFCA771000-memory.dmp
      Filesize

      10.8MB

      Download