Overview

overview

10

Static

static

3

SecuriteIn...78.exe

windows7-x64

10

SecuriteIn...78.exe

windows10-2004-x64

10

Analysis

  • max time kernel
    150s
  • max time network
    153s
  • platform
    windows7_x64
  • resource
    win7-20230220-en
  • resource tags

    arch:x64arch:x86image:win7-20230220-enlocale:en-usos:windows7-x64system
  • submitted
    01-06-2023 22:34

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    SecuriteInfo.com.Variant.Barys.432395.1653.178.exe

  • Size

    103KB

  • MD5

    384cc4b1c3c5d9bce6eb9b1c70e2c54a

  • SHA1

    5377096461d28b04866188b2c68d182e146f345d

  • SHA256

    391a43e128f1ee34ce61bc1c787867f3c1d6f6af117db338d9186a94d2273c5b

  • SHA512

    09a7bce1785f2ee7f8daf603e6eeba4643732311c9dc5225aece7c3e2b9270cf42cded5a0315312c363fc91f1d08f7122ecf8a3a03ed1889c4a2589b82352260

  • SSDEEP

    1536:PHHE2mYzsMx9kU1JMZWEt24CUU4MdajsNOVat2RzbmK+OCuBqGRCCuvlMMgCcDc:PEKsMrkUQ4JUU4MCseat2RziKR7Obr

Score
10/10
asyncratdefaultrat

Malware Config

Extracted

Family

asyncrat

Version

0.5.7B

Botnet

Default

C2

141.98.102.235:16296

Mutex

AsyncMutex_6SI8OkPnk

Attributes
  • delay

    3

  • install

    false

  • install_folder

    %AppData%

aes.plain

Signatures

  • AsyncRat

    AsyncRAT is designed to remotely monitor and control other computers written in C#.

    ratasyncrat
  • Async RAT payload 5 IoCs
    rat
  • Suspicious use of SetThreadContext 1 IoCs
  • Suspicious use of WriteProcessMemory 9 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\SecuriteInfo.com.Variant.Barys.432395.1653.178.exe
    "C:\Users\Admin\AppData\Local\Temp\SecuriteInfo.com.Variant.Barys.432395.1653.178.exe"
    1⤵
    • Suspicious use of SetThreadContext
    • Suspicious use of WriteProcessMemory
    PID:704
    • C:\Windows\Microsoft.NET\Framework\v4.0.30319\Caspol.exe
      "C:\Windows\Microsoft.NET\Framework\v4.0.30319\Caspol.exe"
      2⤵
        PID:1072

    Network

    MITRE ATT&CK Matrix

    Replay Monitor

    Loading Replay Monitor...

    Downloads

    • memory/704-54-0x0000000000D00000-0x0000000000D1E000-memory.dmp
      Filesize

      120KB

      Download
    • memory/704-55-0x0000000000150000-0x000000000015C000-memory.dmp
      Filesize

      48KB

      Download
    • memory/1072-56-0x0000000000400000-0x0000000000412000-memory.dmp
      Filesize

      72KB

      Download
    • memory/1072-57-0x0000000000400000-0x0000000000412000-memory.dmp
      Filesize

      72KB

      Download
    • memory/1072-58-0x0000000000400000-0x0000000000412000-memory.dmp
      Filesize

      72KB

      Download
    • memory/1072-59-0x0000000000400000-0x0000000000412000-memory.dmp
      Filesize

      72KB

      Download
    • memory/1072-60-0x000000007EFDE000-0x000000007EFDF000-memory.dmp
      Filesize

      4KB

      Download
    • memory/1072-61-0x0000000000400000-0x0000000000412000-memory.dmp
      Filesize

      72KB

      Download
    • memory/1072-63-0x0000000000400000-0x0000000000412000-memory.dmp
      Filesize

      72KB

      Download
    • memory/1072-65-0x0000000000400000-0x0000000000412000-memory.dmp
      Filesize

      72KB

      Download
    • memory/1072-66-0x0000000004DF0000-0x0000000004E30000-memory.dmp
      Filesize

      256KB

      Download
    • memory/1072-67-0x0000000004DF0000-0x0000000004E30000-memory.dmp
      Filesize

      256KB

      Download