Analysis
max time kernel: 374s
max time network: 593s
platform: windows10-1703_x64
resource: win10-20230220-en
resource tags: arch:x64, arch:x86, image:win10-20230220-en, locale:en-us, os:windows10-1703-x64, system
submitted: 01/05/2023, 13:06 (day/month/year, i.e. 1 May 2023; the sandbox images used are dated 2023-02-20, so a January reading is ruled out)
Static task: static1
Behavioral task behavioral1: sample update.exe, resource win10-20230220-en
Behavioral task behavioral2: sample update.exe, resource win7-20230220-en
Behavioral task behavioral3: sample update.exe, resource win10v2004-20230220-en
General
Target: update.exe
Size: 969KB
MD5: ef0ec9b3bf2edc84d23f92a16b6a8a67
SHA1: 8e4d871940df560a85332bfacac0b9766f865b9f
SHA256: bbcfc7c262a04ae7291c4a1ea80253aaea3968a3c95d2b73b47016c298a7e281
SHA512: 31c3a9360c6dad1cc7b6db0626d5d9ffcf457592fb5b04f9d0f986ef15793ab9f3a2371e013fb6c666d4d9d9de3d68d01bab417059ded2efea0dc2b80cb88005
SSDEEP: 12288:84mT/RcXtvyJdBQhXVQpPDv4aloZqby13caYgd2DBAm:84C/6XtvWBmQpPTXgcaYgdCA
Malware Config
Extracted family: asyncrat
Version: 0.5.7B
Botnet: Default
C2: addimq.duckdns.org:7878, addimq.duckdns.org:9909, addimq.duckdns.org:6568 (a single dynamic-DNS hostname with three alternative ports; the IP behind it can change at any time, so block or alert on the hostname rather than on a resolved address)
Mutex: AsyncMutex_6SI8OkPnk
delay: 3
install: false
install_folder: %AppData%
With install set to false this build does not copy itself into install_folder or register a startup entry, so expect no file-system or registry persistence from the client itself; the mutex name and the C2 hostname/ports are the durable indicators here.
Signatures
Async RAT payload (2 IoCs)
resource | yara_rule
behavioral1/memory/4140-117-0x00000204FA0C0000-0x00000204FA0D2000-memory.dmp | asyncrat
behavioral1/memory/4140-119-0x00000204FAC20000-0x00000204FAC30000-memory.dmp | asyncrat

Reads user/profile data of web browsers (2 TTPs)
Infostealers often target stored browser data, which can include saved credentials etc.

Suspicious use of AdjustPrivilegeToken (1 IoC)
description | pid | Process
Token: SeDebugPrivilege | 4140 | update.exe

All three signatures fired on the same process, pid 4140 (update.exe) in behavioral1: the YARA matches are on memory regions dumped from that pid, and it is also the process that enabled SeDebugPrivilege in its own token.
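As an added example (not tria.ge's or AsyncRAT's code), the following Python turns the extracted config above into a small IOC set and runs it over constructed telemetry: DNS queries, outbound connections and mutex-creation events. The log lines and their field names are made up for illustration; the config values, the dump-file name format and the pid 4140 are taken from the report. The dump-name parser assumes the tria.ge naming scheme `<task>/memory/<pid>-<index>-0x<start>-0x<end>-memory.dmp`, with the middle number treated as a dump index.

```python
"""Match the AsyncRAT IOCs from the report against constructed telemetry."""
import re
from dataclasses import dataclass, field

# Values copied from the report's "Malware Config" block.
ASYNCRAT_CONFIG = {
    "version": "0.5.7B",
    "c2": [
        "addimq.duckdns.org:7878",
        "addimq.duckdns.org:9909",
        "addimq.duckdns.org:6568",
    ],
    "mutex": "AsyncMutex_6SI8OkPnk",
    "install": False,
    "install_folder": "%AppData%",
}


@dataclass
class IocSet:
    hosts: set = field(default_factory=set)
    ports: set = field(default_factory=set)
    mutexes: set = field(default_factory=set)


def iocs_from_config(cfg):
    """Split 'host:port' C2 entries into separate host and port sets."""
    s = IocSet()
    for entry in cfg["c2"]:
        host, _, port = entry.rpartition(":")
        s.hosts.add(host.lower())
        s.ports.add(int(port))
    s.mutexes.add(cfg["mutex"])
    return s


# Constructed telemetry (not real data): "<type> key=value ...", one per line.
SAMPLE_TELEMETRY = """\
dns host=client01 query=addimq.duckdns.org rcode=NOERROR
dns host=client01 query=login.microsoftonline.com rcode=NOERROR
conn host=client01 pid=4140 image=update.exe dst=addimq.duckdns.org dport=7878
conn host=client02 pid=5521 image=chrome.exe dst=update.googleapis.com dport=443
mutex host=client01 pid=4140 image=update.exe name=AsyncMutex_6SI8OkPnk
conn host=client03 pid=901 image=svchost.exe dst=10.0.0.5 dport=6568
"""


def parse_record(line):
    """Parse one telemetry line into a dict; the first token is the event type."""
    kind, _, rest = line.partition(" ")
    fields = dict(kv.split("=", 1) for kv in rest.split())
    fields["type"] = kind
    return fields


def match_telemetry(text, iocs):
    """Return (rule, host, detail) tuples for every record that hits an IOC."""
    hits = []
    for line in text.splitlines():
        if not line.strip():
            continue
        r = parse_record(line)
        t = r["type"]
        if t == "dns" and r["query"].lower() in iocs.hosts:
            hits.append(("c2_dns", r["host"], r["query"]))
        elif t == "conn":
            # A bare port such as 6568 is weak evidence on its own, so the
            # destination host must match too; client03's flow is not flagged.
            if r["dst"].lower() in iocs.hosts and int(r["dport"]) in iocs.ports:
                hits.append(("c2_conn", r["host"], f'{r["image"]}:{r["pid"]}'))
        elif t == "mutex" and r["name"] in iocs.mutexes:
            hits.append(("c2_mutex", r["host"], f'{r["image"]}:{r["pid"]}'))
    return hits


# Assumed naming scheme for the memory dumps listed under "Signatures".
DUMP_NAME = re.compile(
    r"^(?P<task>[^/]+)/memory/(?P<pid>\d+)-(?P<index>\d+)-"
    r"0x(?P<start>[0-9A-Fa-f]+)-0x(?P<end>[0-9A-Fa-f]+)-memory\.dmp$"
)


def parse_dump_name(name):
    """Extract task, pid, dump index and the dumped address range and size."""
    m = DUMP_NAME.match(name)
    if not m:
        raise ValueError(f"unrecognised dump name: {name}")
    start, end = int(m["start"], 16), int(m["end"], 16)
    return {"task": m["task"], "pid": int(m["pid"]), "index": int(m["index"]),
            "start": start, "end": end, "size": end - start}


if __name__ == "__main__":
    iocs = iocs_from_config(ASYNCRAT_CONFIG)
    for hit in match_telemetry(SAMPLE_TELEMETRY, iocs):
        print(hit)
    print(parse_dump_name(
        "behavioral1/memory/4140-117-0x00000204FA0C0000-0x00000204FA0D2000-memory.dmp"))
```

The hostname is matched case-insensitively because DNS is case-insensitive and some sensors preserve the query's original casing; the port set is only consulted together with a host match, since ports like 7878 or 6568 will appear in benign traffic.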