Overview

overview

10

Static

static

3

2bc78e0d14...2d.exe

windows7-x64

10

2bc78e0d14...2d.exe

windows10-2004-x64

10

4922d2660f...c5.exe

windows7-x64

10

4922d2660f...c5.exe

windows10-2004-x64

1

4e14f58935...61.exe

windows7-x64

10

4e14f58935...61.exe

windows10-2004-x64

1

64b9d76ec0...52.exe

windows7-x64

10

64b9d76ec0...52.exe

windows10-2004-x64

3

79f68c9a2d...ee.exe

windows7-x64

7

79f68c9a2d...ee.exe

windows10-2004-x64

7

c984a9446b...d3.exe

windows7-x64

10

c984a9446b...d3.exe

windows10-2004-x64

3

d69dc8e0a1...67.exe

windows7-x64

10

d69dc8e0a1...67.exe

windows10-2004-x64

10

dff2cf2793...3f.exe

windows7-x64

10

dff2cf2793...3f.exe

windows10-2004-x64

1

e542080348...18.exe

windows7-x64

10

e542080348...18.exe

windows10-2004-x64

10

f96c9a2487...e6.exe

windows7-x64

10

f96c9a2487...e6.exe

windows10-2004-x64

3

fe2da521d1...ff.exe

windows7-x64

10

fe2da521d1...ff.exe

windows10-2004-x64

1

Analysis

  • max time kernel
    150s
  • max time network
    153s
  • platform
    windows7_x64
  • resource
    win7-20230220-en
  • resource tags

    arch:x64arch:x86image:win7-20230220-enlocale:en-usos:windows7-x64system
  • submitted
    16-06-2023 15:11

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    4e14f58935961de4c602799826fe779776890a35ab1472ef4501377bfc413361.exe

  • Size

    1.4MB

  • MD5

    fd9c7d6f558d0afccd202e41430495a7

  • SHA1

    1030d9b996f71ce204858f5ce08ea3bf30dfc642

  • SHA256

    4e14f58935961de4c602799826fe779776890a35ab1472ef4501377bfc413361

  • SHA512

    2b2e7cad8370eafc4dfbf39f30680f5f2342858ff89299e57bb9826c5281fccbfb56f5816c0e8ffd9ecad0bba977e293cd2e302b1ed894173639569740a96c66

  • SSDEEP

    12288:f81BydfZOHIdWc02tHIFxqwxwqk8OeHxZProNiXhfQv7RJ2FuidognS2IingF6kd:cafZMmWc00HWXoKctJfQ8bFF1

Score
10/10
asyncratdefaultrat

Malware Config

Extracted

Family

asyncrat

Version

1.0.7

Botnet

Default

C2

aa9064aa.e1.luyouxia.net:22391

Mutex

1

Attributes
  • delay

    1

  • install

    false

  • install_file

    1.exe

  • install_folder

    %AppData%

aes.plain

Signatures

  • AsyncRat

    AsyncRAT is designed to remotely monitor and control other computers written in C#.

    ratasyncrat
  • Async RAT payload 1 IoCs
    rat
  • Suspicious use of AdjustPrivilegeToken 1 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\4e14f58935961de4c602799826fe779776890a35ab1472ef4501377bfc413361.exe
    "C:\Users\Admin\AppData\Local\Temp\4e14f58935961de4c602799826fe779776890a35ab1472ef4501377bfc413361.exe"
    1⤵
    • Suspicious use of AdjustPrivilegeToken
    PID:1332

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\94308059B57B3142E455B38A6EB92015
    Filesize

    62KB

    MD5

    3ac860860707baaf32469fa7cc7c0192

    SHA1

    c33c2acdaba0e6fa41fd2f00f186804722477639

    SHA256

    d015145d551ecd14916270efad773bbc9fd57fad2228d2c24559f696c961d904

    SHA512

    d62ad2408c969a95550fb87efda50f988770ba5e39972041bf85924275baf156b8bec309ecc6409e5acdd37ec175dea40eff921ab58933b5b5b5d35a6147567c

    Download Submit
  • C:\Users\Admin\AppData\Local\Temp\Tar39DD.tmp
    Filesize

    164KB

    MD5

    4ff65ad929cd9a367680e0e5b1c08166

    SHA1

    c0af0d4396bd1f15c45f39d3b849ba444233b3a2

    SHA256

    c8733c93cc5aaf5ca206d06af22ee8dbdec764fb5085019a6a9181feb9dfdee6

    SHA512

    f530dc0d024a5a3b8903ffaaa41b608a5ccdd6da4ba1949f2c2e55a9fca475fec5c8d2119b5763cabe7ef1c3788fb9dcac621869db51d65b1d83cfe404fb4c27

    Download Submit
  • memory/1332-54-0x00000000001E0000-0x00000000001F6000-memory.dmp
    Filesize

    88KB

    Download
  • memory/1332-55-0x00000000002A0000-0x00000000002B2000-memory.dmp
    Filesize

    72KB

    Download
  • memory/1332-56-0x000000001AF30000-0x000000001AFB0000-memory.dmp
    Filesize

    512KB

    Download
  • memory/1332-57-0x000000001AF30000-0x000000001AFB0000-memory.dmp
    Filesize

    512KB

    Download
  • memory/1332-95-0x000000001AF30000-0x000000001AFB0000-memory.dmp
    Filesize

    512KB

    Download