Analysis

  • max time kernel
    192s
  • max time network
    332s
  • platform
    windows7_x64
  • resource
    win7-20230220-en
  • resource tags

    arch:x64, arch:x86, image:win7-20230220-en, locale:en-us, os:windows7-x64, system
  • submitted
    01/05/2023, 19:04

General

  • Target

    Ta.exe

  • Size

    1024.0MB

  • MD5

    ad6af2d313b7118ff811eeaa49e740ad

  • SHA1

    f3ea74dae94644c095674bd8d1619a979388d569

  • SHA256

    4b34980497ed08e0f3958cc83b63dbf5cd84879333d176e8df5910694ec728ae

  • SHA512

    8a6cad20817c4c118c9c09a7f59b70d5fe17ee39576eedf8c27c2765e84ca45af4e12b760966f882ca148de47a81d72e90331f058e08787cb9b2150cd969ec4f

  • SSDEEP

    12288:94mT/RcXtvyJdBQhXVQprDv4alfZqby13caYgd2Dm/txt:94C/6XtvWBmQprT4gcaYgdPD

Score
10/10

Malware Config

Extracted

Family

asyncrat

Version

0.5.7B

Botnet

Default

C2

45.81.243.217:6606

45.81.243.217:7707

45.81.243.217:8808

Mutex

AsyncMutex_6SI8OkPnk

Attributes
  • delay

    3

  • install

    false

  • install_folder

    %AppData%

aes.plain

Signatures

  • AsyncRat

    AsyncRAT is a remote access tool, written in C#, designed to remotely monitor and control other computers.

  • Async RAT payload 2 IoCs
  • Suspicious use of AdjustPrivilegeToken 1 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\Ta.exe
    Command line: "C:\Users\Admin\AppData\Local\Temp\Ta.exe"
    • Suspicious use of AdjustPrivilegeToken
    PID: 1052

Network

Downloads

  • memory/1052-54-0x0000000001F50000-0x0000000001F65000-memory.dmp
    Filesize: 84KB
  • memory/1052-55-0x0000000028170000-0x0000000028182000-memory.dmp
    Filesize: 72KB
  • memory/1052-57-0x00000000412F0000-0x0000000041370000-memory.dmp
    Filesize: 512KB
  • memory/1052-56-0x00000000412F0000-0x0000000041370000-memory.dmp
    Filesize: 512KB
  • memory/1052-58-0x00000000412F0000-0x0000000041370000-memory.dmp
    Filesize: 512KB
  • memory/1052-59-0x00000000412F0000-0x0000000041370000-memory.dmp
    Filesize: 512KB
  • memory/1052-60-0x00000000412F0000-0x0000000041370000-memory.dmp
    Filesize: 512KB
  • memory/1052-61-0x00000000412F0000-0x0000000041370000-memory.dmp
    Filesize: 512KB