Analysis
- max time kernel: 17s
- max time network: 20s
- platform: windows10-2004_x64
- resource: win10v2004-20230220-en
- resource tags: arch:x64, arch:x86, image:win10v2004-20230220-en, locale:en-us, os:windows10-2004-x64, system
- submitted: 27/04/2023, 06:19
Behavioral task: behavioral1
- Sample: install.exe
- Resource: win10-20230220-en
- 3 signatures
- 150 seconds
General
- Target: install.exe
- Size: 47KB
- MD5: 66910731804a08bab77c51103c8023eb
- SHA1: 7b047f9750b7569004403ddfeb36ece9b3b5f11b
- SHA256: 09effa48cafb7ba5d02f97e1e1dcb2490d387bc02453900fe3bd69e07ca00edf
- SHA512: 7b7699e9f9d3d4fedaf1374c5f3c95b6fd07b6510c0b18fb735caf3776f8bc4ccb1d929a81a44a430c83c6eccbdf92531e03a54aaae8a754d5006eef1b03b8cc
- SSDEEP: 768:3d3PjILweUc+biPMaGnPiicf8Yb/gLpZH/vEgK/J7ZVc6KN:3d39koAzbId1nkJ7ZVclN
Malware Config (Extracted)
- Family: asyncrat
- Version: 1.0.7
- Botnet: Default
- C2:
  127.0.0.1:61288
  146.70.165.10:61288
- Mutex: DcRatMutex_qwqdanchun
- Attributes:
  - delay: 1
  - install: true
  - install_file: Windows Update.exe
  - install_folder: %AppData%
- aes.plain
Signatures
- Async RAT payload (1 IoCs)
  resource                                                                      yara_rule
  behavioral2/memory/4236-133-0x0000000000270000-0x0000000000282000-memory.dmp  asyncrat
- Program crash (1 IoCs)
  pid   pid_target   Process        procid_target
  740   4236         WerFault.exe   83
Processes
- C:\Users\Admin\AppData\Local\Temp\install.exe
  Command line: "C:\Users\Admin\AppData\Local\Temp\install.exe"
  PID: 4236
  - C:\Windows\system32\WerFault.exe
    Command line: C:\Windows\system32\WerFault.exe -u -p 4236 -s 1084
    Signature: Program crash
    PID: 740
- C:\Windows\system32\WerFault.exe
  Command line: C:\Windows\system32\WerFault.exe -pss -s 456 -p 4236 -ip 4236
  PID: 4116