Analysis
max time kernel: 25s
max time network: 155s
platform: windows7_x64
resource: win7-20230220-en
resource tags: arch:x64, arch:x86, image:win7-20230220-en, locale:en-us, os:windows7-x64, system
submitted: 04/05/2023, 10:34
Static task
static1
1 signatures

Behavioral task
behavioral1
Sample: Ta.exe
Resource: win7-20230220-en
3 signatures
150 seconds

Behavioral task
behavioral2
Sample: Ta.exe
Resource: win10v2004-20230220-en
0 signatures
150 seconds
General
Target: Ta.exe
Size: 1024.0MB
MD5: 2cae069aa7b7d01aa0518ce54131e797
SHA1: 484f33776492a78958914c3a637615e30b3acebb
SHA256: 3ae0b6a4b5f4733df33d3962f6911c32d0e21e119fb3dfb93598460f67ff17ff
SHA512: b23b27ae9431846223442da391e9d3d7cc4fc9f30603c8283b03da47f0994cc8a8b22a60d90e36faadeb22f6e70bbd4a6fb1fa5816e411e228158c771ab93275
SSDEEP: 12288:l4mT/RcXtvyJdBQhXVQpmDv4alfZqby13caYgd2D0gjDsTrU:l4C/6XtvWBmQpmT4gcaYgdBgjDsPU
Malware Config
Extracted
Family: asyncrat
Version: 0.5.7B
Botnet: Default
C2:
45.81.243.217:6606
45.81.243.217:7707
45.81.243.217:8808
Mutex: AsyncMutex_6SI8OkPnk
Attributes
delay: 3
install: false
install_folder: %AppData%
aes.plain
Signatures

Async RAT payload (2 IoCs)
resource | yara_rule
behavioral1/memory/1572-55-0x0000000028070000-0x0000000028082000-memory.dmp | asyncrat
behavioral1/memory/1572-56-0x0000000041370000-0x00000000413F0000-memory.dmp | asyncrat

Suspicious use of AdjustPrivilegeToken (1 IoCs)
description | pid | Process
Token: SeDebugPrivilege | 1572 | Ta.exe