Analysis
- max time kernel: 31s
- max time network: 144s
- platform: windows7_x64
- resource: win7-20230220-en
- resource tags: arch:x64, arch:x86, image:win7-20230220-en, locale:en-us, os:windows7-x64, system
- submitted: 01/05/2023, 06:46
Static task: static1
- 1 signatures

Behavioral task: behavioral1
- Sample: Ta.exe
- Resource: win7-20230220-en
- 3 signatures
- 150 seconds

Behavioral task: behavioral2
- Sample: Ta.exe
- Resource: win10v2004-20230220-en
- 0 signatures
- 150 seconds
General
- Target: Ta.exe
- Size: 969KB
- MD5: 541266cef785b743100ad94b12ea7ab4
- SHA1: 193d0a5d50fd5162921d5b7e17c64fad0d09d908
- SHA256: 442efcd3a8be27c0471c1ad7861f92b7741af55ee9f56f7906c1e59989583880
- SHA512: 410d9bab2861a648dbef90b358af4b5bcb155b033a52c83101ed791286b43e8706f107ffb54e986eb08e3c93d9b4259fe758aca2fbd55e431fc9f1526e00a30b
- SSDEEP: 12288:y4mT/RcXtvyJdBQhXVQpoDv4alfZqby13caYgd2DiJOWpoZg1:y4C/6XtvWBmQpoT4gcaYgdNOwoZg1
Malware Config (Extracted)
- Family: asyncrat
- Version: 0.5.7B
- Botnet: Default
- C2:
  45.81.243.217:6606
  45.81.243.217:7707
  45.81.243.217:8808
- Mutex: AsyncMutex_6SI8OkPnk
- Attributes:
  delay: 3
  install: false
  install_folder: %AppData%
- aes.plain
Signatures
- Async RAT payload (2 IoCs)
  resource | yara_rule
  behavioral1/memory/1724-55-0x0000000028480000-0x0000000028492000-memory.dmp | asyncrat
  behavioral1/memory/1724-56-0x00000000417E0000-0x0000000041860000-memory.dmp | asyncrat
- Suspicious use of AdjustPrivilegeToken (1 IoCs)
  description | pid | Process
  Token: SeDebugPrivilege | 1724 | Ta.exe