Analysis
- Max time kernel: 167s
- Max time network: 176s
- Platform: windows10-2004_x64
- Resource: win10v2004-20230915-en
- Resource tags: arch:x64, arch:x86, image:win10v2004-20230915-en, locale:en-us, os:windows10-2004-x64, system
- Submitted: 06-10-2023 15:57
Behavioral task (behavioral1)
- Sample: Stub.exe
- Resource: win7-20230831-en (windows7-x64)
- Signatures: 6
- Run time: 150 seconds
General
- Target: Stub.exe
- Size: 65KB
- MD5: 46d01b897ab24927386d833e630b169b
- SHA1: 561605aee3e28603fe8e13bf9842b43daa2cc643
- SHA256: 9be72fd888085db2d0b72e1bd4a2c4e986b5c0ad6c1ce873c25d6cf289bc72e0
- SHA512: 62d8afd488eed1a5478b3bf0b432d8d32e8e31b4590d43a7773665d4c2158e985d29b8f3226f18cd10da9558b040bddcff7cff7ded3dc38e8f5612453d8dae6e
- SSDEEP: 1536:/A2Fhvk7JknoDR58tXwL6cgue6rsgE8PU6agj3OJ4G+hbtEd7AJRX8roTR9x:Y2FhvkNkgE8PU6ag6J4zhbtlW2nx
Malware Config (extracted)
- Family: asyncrat
- Version: | Edit 3LOSH RAT
- Botnet: joker
- C2: 209.145.56.0:57
- Mutex: AsyncMutex_fff
- Attributes:
  - delay: 3
  - install: false
  - install_folder: %AppData%
  - aes.plain
Signatures
- Async RAT payload (1 IoC)
  Processes: resource behavioral2/memory/3784-0-0x0000000000B90000-0x0000000000BA6000-memory.dmp matched YARA rule asyncrat
- Reads user/profile data of web browsers (2 TTPs)
  Infostealers often target stored browser data, which can include saved credentials etc.
- Suspicious behavior: EnumeratesProcesses (1 IoC)
  Processes: pid 3784 Stub.exe
- Suspicious use of AdjustPrivilegeToken (1 IoC)
  Processes: Token: SeDebugPrivilege, pid 3784 Stub.exe
- Suspicious use of SetWindowsHookEx (1 IoC)
  Processes: pid 3784 Stub.exe
Downloads (memory dumps, with file size)
- memory/3784-0-0x0000000000B90000-0x0000000000BA6000-memory.dmp: 88KB
- memory/3784-1-0x00000000745C0000-0x0000000074D70000-memory.dmp: 7.7MB
- memory/3784-2-0x00000000055A0000-0x00000000055B0000-memory.dmp: 64KB
- memory/3784-3-0x00000000745C0000-0x0000000074D70000-memory.dmp: 7.7MB
- memory/3784-4-0x00000000055A0000-0x00000000055B0000-memory.dmp: 64KB
- memory/3784-5-0x0000000006060000-0x0000000006604000-memory.dmp: 5.6MB
- memory/3784-6-0x0000000005C50000-0x0000000005CE2000-memory.dmp: 584KB
- memory/3784-7-0x0000000005C40000-0x0000000005C4A000-memory.dmp: 40KB
- memory/3784-10-0x0000000006B90000-0x0000000006C2C000-memory.dmp: 624KB
- memory/3784-11-0x0000000006880000-0x00000000068E6000-memory.dmp: 408KB