Analysis
max time kernel: 25s
max time network: 159s
platform: windows7_x64
resource: win7-20230220-en
resource tags: arch:x64, arch:x86, image:win7-20230220-en, locale:en-us, os:windows7-x64, system
submitted: 02/05/2023, 06:09
Static task
static1: 1 signatures
Behavioral task
behavioral1: sample Ta.exe, resource win7-20230220-en, 3 signatures, 150 seconds
Behavioral task
behavioral2: sample Ta.exe, resource win10v2004-20230220-en, 0 signatures, 150 seconds
General
Target: Ta.exe
Size: 1024.0MB
MD5: ad6af2d313b7118ff811eeaa49e740ad
SHA1: f3ea74dae94644c095674bd8d1619a979388d569
SHA256: 4b34980497ed08e0f3958cc83b63dbf5cd84879333d176e8df5910694ec728ae
SHA512: 8a6cad20817c4c118c9c09a7f59b70d5fe17ee39576eedf8c27c2765e84ca45af4e12b760966f882ca148de47a81d72e90331f058e08787cb9b2150cd969ec4f
SSDEEP: 12288:94mT/RcXtvyJdBQhXVQprDv4alfZqby13caYgd2Dm/txt:94C/6XtvWBmQprT4gcaYgdPD
Malware Config
Extracted
Family: asyncrat
Version: 0.5.7B
Botnet: Default
C2:
45.81.243.217:6606
45.81.243.217:7707
45.81.243.217:8808
Mutex: AsyncMutex_6SI8OkPnk
Attributes:
delay: 3
install: false
install_folder: %AppData%
aes.plain
Signatures
Async RAT payload (2 IoCs)
resource: behavioral1/memory/1532-55-0x00000000281E0000-0x00000000281F2000-memory.dmp, yara_rule: asyncrat
resource: behavioral1/memory/1532-56-0x0000000028370000-0x00000000283F0000-memory.dmp, yara_rule: asyncrat
Suspicious use of AdjustPrivilegeToken (1 IoC)
description: Token: SeDebugPrivilege, pid: 1532, process: Ta.exe
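The extracted configuration and signature hits above only become useful once they are turned into something a detection pipeline can act on. The script below is an added example and is not part of the sandbox report or of any vendor tooling: it parses the memory-dump resource labels from the yara hits into PID, dump index and dumped address range (sizes follow from the two hexadecimal bounds), and matches the C2 endpoints, the mutex and the SHA256 from the report against a handful of telemetry records. The event schema (the `type`, `pid`, `dst_ip`, `dst_port`, `name`, `sha256` fields) and every record in `EVENTS` are constructed for the demonstration and are not real Sysmon or EDR output; only the C2 addresses, mutex, hash, PID and memory ranges are taken from the report.

```python
"""Turn the AsyncRAT config extracted by the sandbox into IoCs and match them
against telemetry.  Added example; not part of the sandbox report.  Report
values (C2, mutex, SHA256, PID, memory ranges) are copied from the page; the
EVENTS records and their field names are constructed for this demonstration."""
import re
from typing import List, Optional, Tuple

# --- Values taken from the report -------------------------------------------
C2_ENDPOINTS = {
    ("45.81.243.217", 6606),
    ("45.81.243.217", 7707),
    ("45.81.243.217", 8808),
}
MUTEX = "AsyncMutex_6SI8OkPnk"
SHA256 = "4b34980497ed08e0f3958cc83b63dbf5cd84879333d176e8df5910694ec728ae"

# Yara hits are reported on resources named
# "<task>/memory/<pid>-<index>-<start>-<end>-memory.dmp" (as on this page).
DUMP_RE = re.compile(
    r"^(?P<task>[^/]+)/memory/(?P<pid>\d+)-(?P<idx>\d+)-"
    r"(?P<start>0x[0-9A-Fa-f]+)-(?P<end>0x[0-9A-Fa-f]+)-memory\.dmp$"
)


def parse_dump_resource(name: str) -> dict:
    """Split a yara-hit resource label into pid, dump index and address range."""
    m = DUMP_RE.match(name)
    if not m:
        raise ValueError(f"not a memory dump resource: {name}")
    start, end = int(m["start"], 16), int(m["end"], 16)
    if end <= start:
        raise ValueError(f"empty or inverted range in {name}")
    return {"task": m["task"], "pid": int(m["pid"]), "index": int(m["idx"]),
            "start": start, "end": end, "size": end - start}


# Constructed telemetry in a simplified, generic schema (not real log output).
EVENTS = [
    {"type": "process", "pid": 1532, "image": "C:\\Users\\user\\Ta.exe",
     "sha256": SHA256},
    {"type": "netconn", "pid": 1532, "dst_ip": "45.81.243.217", "dst_port": 7707},
    # Same host, a port the config does not list: flag at lower confidence.
    {"type": "netconn", "pid": 900, "dst_ip": "45.81.243.217", "dst_port": 443},
    {"type": "mutex", "pid": 1532, "name": "AsyncMutex_6SI8OkPnk"},
    # Mutex names may carry a Local\ or Global\ namespace prefix.
    {"type": "mutex", "pid": 4100, "name": "Local\\AsyncMutex_6SI8OkPnk"},
    # Listed port on an unrelated host: the port alone is not an IoC.
    {"type": "netconn", "pid": 2222, "dst_ip": "10.0.0.5", "dst_port": 6606},
]


def match_event(ev: dict) -> Optional[str]:
    """Return an alert label when the event matches a report IoC, else None."""
    t = ev["type"]
    if t == "netconn":
        if (ev["dst_ip"], ev["dst_port"]) in C2_ENDPOINTS:
            return "asyncrat-c2"
        if any(ev["dst_ip"] == ip for ip, _ in C2_ENDPOINTS):
            return "asyncrat-c2-host"
    elif t == "mutex":
        if ev["name"].split("\\")[-1] == MUTEX:
            return "asyncrat-mutex"
    elif t == "process":
        if ev.get("sha256", "").lower() == SHA256:
            return "asyncrat-sample-hash"
    return None


def scan(events: List[dict]) -> List[Tuple[int, str]]:
    """Run every event through match_event and collect (pid, label) alerts."""
    alerts = []
    for ev in events:
        label = match_event(ev)
        if label:
            alerts.append((ev["pid"], label))
    return alerts


if __name__ == "__main__":
    for res in ("behavioral1/memory/1532-55-0x00000000281E0000-0x00000000281F2000-memory.dmp",
                "behavioral1/memory/1532-56-0x0000000028370000-0x00000000283F0000-memory.dmp"):
        d = parse_dump_resource(res)
        print(f"pid {d['pid']} dump {d['index']}: {d['start']:#x}-{d['end']:#x} ({d['size']} bytes)")
    for pid, label in scan(EVENTS):
        print(f"pid {pid}: {label}")
```

The IP-only match is kept separate from the exact IP:port match on purpose: AsyncRAT configs list several ports, and a connection to the same host on an unlisted port is worth a look but should not fire at the same confidence. The mutex comparison strips any `Local\` or `Global\` prefix because the report records the bare name while endpoint telemetry often includes the namespace.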