Overview

overview

10

Static

static

10

xPo8U6ZjwEaV.exe

windows7-x64

10

xPo8U6ZjwEaV.exe

windows10-2004-x64

10

Analysis

  • max time kernel
    80s
  • max time network
    82s
  • platform
    windows7_x64
  • resource
    win7-20230220-en
  • resource tags

    arch:x64arch:x86image:win7-20230220-enlocale:en-usos:windows7-x64system
  • submitted
    14/06/2023, 20:52

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    xPo8U6ZjwEaV.exe

  • Size

    47KB

  • MD5

    1d04efd3c005feba5161fd2ddd8d7194

  • SHA1

    da4d6966afc58bd5b4f0e76b3af422f1b0235fce

  • SHA256

    aa44b193e2eb0046c55dc1a78fed298c361f06835256504ff42db39c5692df10

  • SHA512

    21d82980eb1a51e8cafe6062b2f51636c3dece8a1a67a1b9c22eb9311c39b02931162aea19269c864c638211421614116cd9db7790fc1621d5d1ecb3e4bae774

  • SSDEEP

    768:V9umxLiIL1CaS+DiNzTlD0yO5iBBYbugeVFybEvEgK/JzZVc6KN:V9uAPWNzTlwyOgybRmybEnkJzZVclN

Score
10/10
asyncrat15junio-rodarat

Malware Config

Extracted

Family

asyncrat

Version

1.0.7

Botnet

15JUNIO-RODA

C2

hjgeuyiohfkjsdfhgiwe.duckdns.org:2525

Mutex

DcRatMutex_qwqdanchun

Attributes
  • delay

    1

  • install

    false

  • install_folder

    %AppData%

aes.plain

Signatures

  • AsyncRat

    AsyncRAT is designed to remotely monitor and control other computers written in C#.

    ratasyncrat
  • Async RAT payload 3 IoCs
    rat
  • Deletes itself 1 IoCs
  • Delays execution with timeout.exe 1 IoCs
    evasion
  • Suspicious use of AdjustPrivilegeToken 1 IoCs
  • Suspicious use of WriteProcessMemory 6 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\xPo8U6ZjwEaV.exe
    "C:\Users\Admin\AppData\Local\Temp\xPo8U6ZjwEaV.exe"
    1⤵
    • Suspicious use of AdjustPrivilegeToken
    • Suspicious use of WriteProcessMemory
    PID:1400
    • C:\Windows\system32\cmd.exe
      cmd /c ""C:\Users\Admin\AppData\Local\Temp\tmp30AB.tmp.bat""
      2⤵
      • Deletes itself
      • Suspicious use of WriteProcessMemory
      PID:1612
      • C:\Windows\system32\timeout.exe
        timeout 3
        3⤵
        • Delays execution with timeout.exe
        PID:860

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\94308059B57B3142E455B38A6EB92015
    Filesize

    62KB

    MD5

    3ac860860707baaf32469fa7cc7c0192

    SHA1

    c33c2acdaba0e6fa41fd2f00f186804722477639

    SHA256

    d015145d551ecd14916270efad773bbc9fd57fad2228d2c24559f696c961d904

    SHA512

    d62ad2408c969a95550fb87efda50f988770ba5e39972041bf85924275baf156b8bec309ecc6409e5acdd37ec175dea40eff921ab58933b5b5b5d35a6147567c

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\Tar306B.tmp
    Filesize

    164KB

    MD5

    4ff65ad929cd9a367680e0e5b1c08166

    SHA1

    c0af0d4396bd1f15c45f39d3b849ba444233b3a2

    SHA256

    c8733c93cc5aaf5ca206d06af22ee8dbdec764fb5085019a6a9181feb9dfdee6

    SHA512

    f530dc0d024a5a3b8903ffaaa41b608a5ccdd6da4ba1949f2c2e55a9fca475fec5c8d2119b5763cabe7ef1c3788fb9dcac621869db51d65b1d83cfe404fb4c27

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\tmp30AB.tmp.bat
    Filesize

    164B

    MD5

    8cd0d528199a2e8fd6a3b09edc4dd65e

    SHA1

    f864f47b9f80a04d28a1c1a78e8866a1dcdb6167

    SHA256

    b9d1004206d88ae8e64873abb620057435e2508cdc8d3682fce0c1766fb7ed53

    SHA512

    e4b9ad012e21096543ca6543991bb0bb9d690983a8200c47279c2329d1a946e804ac7392d5b057134902adac1482958e6fa1c59cf06d180c9ceaa95b8feb9963

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\tmp30AB.tmp.bat
    Filesize

    164B

    MD5

    8cd0d528199a2e8fd6a3b09edc4dd65e

    SHA1

    f864f47b9f80a04d28a1c1a78e8866a1dcdb6167

    SHA256

    b9d1004206d88ae8e64873abb620057435e2508cdc8d3682fce0c1766fb7ed53

    SHA512

    e4b9ad012e21096543ca6543991bb0bb9d690983a8200c47279c2329d1a946e804ac7392d5b057134902adac1482958e6fa1c59cf06d180c9ceaa95b8feb9963

    Download Submit

  • memory/1400-54-0x0000000000B20000-0x0000000000B32000-memory.dmp

    Filesize

    72KB

    Download

  • memory/1400-55-0x000000001B1C0000-0x000000001B240000-memory.dmp

    Filesize

    512KB

    Download

  • memory/1400-73-0x000000001B1C0000-0x000000001B240000-memory.dmp

    Filesize

    512KB

    Download

  • memory/1400-74-0x00000000004D0000-0x0000000000534000-memory.dmp

    Filesize

    400KB

    Download

  • memory/1400-76-0x000000001A7A0000-0x000000001A804000-memory.dmp

    Filesize

    400KB

    Download