Malware Analysis Report

2025-08-06 03:43

Sample ID 230426-y43qpabf78
Target swoof swoof.exe
SHA256 74f3e08db818c32c24b4cec7a16122007ebadf9dcf822fc5c1f4f8491a687807
Tags
rat default asyncrat
score
10/10

Table of Contents

Analysis Overview

MITRE ATT&CK

Analysis: static1

Detonation Overview

Signatures

Analysis: behavioral1

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral2

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis Overview

score
10/10

SHA256

74f3e08db818c32c24b4cec7a16122007ebadf9dcf822fc5c1f4f8491a687807

Threat Level: Known bad

The file swoof swoof.exe was found to be: Known bad.

Malicious Activity Summary

rat default asyncrat

Async RAT payload

Asyncrat family

AsyncRat

Async RAT payload

Program crash

Unsigned PE

MITRE ATT&CK

N/A

Analysis: static1

Detonation Overview

Reported

2023-04-26 20:21

Signatures

Async RAT payload

rat
Description   Indicator   Process   Target
N/A           N/A         N/A       N/A

Asyncrat family

asyncrat

Unsigned PE

Description   Indicator   Process   Target
N/A           N/A         N/A       N/A

Analysis: behavioral1

Detonation Overview

Submitted

2023-04-26 20:21

Reported

2023-04-26 20:23

Platform

win7-20230220-en

Max time kernel

28s

Max time network

31s

Command Line

"C:\Users\Admin\AppData\Local\Temp\swoof swoof.exe"

Signatures

AsyncRat

rat asyncrat

Async RAT payload

rat
Description   Indicator   Process   Target
N/A           N/A         N/A       N/A

Processes

C:\Users\Admin\AppData\Local\Temp\swoof swoof.exe

"C:\Users\Admin\AppData\Local\Temp\swoof swoof.exe"

Network

N/A

Files

memory/2000-54-0x00000000001E0000-0x00000000001F2000-memory.dmp

memory/2000-55-0x000000001B1E0000-0x000000001B260000-memory.dmp

Analysis: behavioral2

Detonation Overview

Submitted

2023-04-26 20:21

Reported

2023-04-26 20:23

Platform

win10v2004-20230221-en

Max time kernel

96s

Max time network

151s

Command Line

"C:\Users\Admin\AppData\Local\Temp\swoof swoof.exe"

Signatures

AsyncRat

rat asyncrat

Async RAT payload

rat
Description   Indicator   Process   Target
N/A           N/A         N/A       N/A

Program crash

Description   Indicator   Process                            Target
N/A           N/A         C:\Windows\system32\WerFault.exe   C:\Users\Admin\AppData\Local\Temp\swoof swoof.exe

Processes

C:\Users\Admin\AppData\Local\Temp\swoof swoof.exe

"C:\Users\Admin\AppData\Local\Temp\swoof swoof.exe"

C:\Windows\system32\WerFault.exe

C:\Windows\system32\WerFault.exe -pss -s 440 -p 5056 -ip 5056

C:\Windows\system32\WerFault.exe

C:\Windows\system32\WerFault.exe -u -p 5056 -s 1088

Network

Country   Destination            Domain                          Proto
US        8.8.8.8:53             196.249.167.52.in-addr.arpa     udp
US        117.18.237.29:80       N/A                             tcp
US        8.8.8.8:53             17.160.190.20.in-addr.arpa      udp
US        8.8.8.8:53             95.221.229.192.in-addr.arpa     udp
US        8.8.8.8:53             232.168.11.51.in-addr.arpa      udp
US        20.42.65.90:443        N/A                             tcp
US        8.8.8.8:53             1.77.109.52.in-addr.arpa        udp
NL        173.223.113.164:443    N/A                             tcp

Files

memory/5056-133-0x0000000000F10000-0x0000000000F22000-memory.dmp

memory/5056-134-0x000000001D180000-0x000000001D190000-memory.dmp