Overview

overview

10

Static

static

3

0a513f2465...2d.exe

windows7-x64

10

0a513f2465...2d.exe

windows10-2004-x64

10

Analysis

  • max time kernel
    58s
  • max time network
    141s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20231215-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20231215-enlocale:en-usos:windows10-2004-x64system
  • submitted
    30/12/2023, 01:37

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    0a513f2465f58e492d40d9fe2777762d.exe

  • Size

    1.3MB

  • MD5

    0a513f2465f58e492d40d9fe2777762d

  • SHA1

    555db956e8a0127a89d203cf694381713bb4d0fd

  • SHA256

    f1403d60975bdc80d798c2b3b8f0fd47822fba04da7c254c274b63a09cf0e6c7

  • SHA512

    9d0b78fc3fdfc592de9f30752455605fa39b4479f14206f42ef082557299c9a1c95d8091ceb4ae45b11b2d80fcf94038ce8d2453a93815361b1235b4ee929f4b

  • SSDEEP

    24576:2HdS/d3RYdkJUTcfAmWnOc6GO5NB+ihuxxUmwRGPoN7vdiTbnFM:SMvo765L+ihO+m/PoiM

Score
10/10
asyncrat30/7/2021.exerat

Malware Config

Extracted

Family

asyncrat

Version

0.5.7B

Botnet

30/7/2021.exe

C2

5541.gotdns.ch:5541

Mutex

30/7/2021

Attributes
  • delay

    3

  • install

    false

  • install_file

    30/7/2021.scr

  • install_folder

    %AppData%

aes.plain

Signatures

  • AsyncRat

    AsyncRAT is designed to remotely monitor and control other computers written in C#.

    ratasyncrat
  • Async RAT payload 3 IoCs
    rat
  • CustAttr .NET packer 1 IoCs

    Detects CustAttr .NET packer in memory.

  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Creates scheduled task(s) 1 TTPs 1 IoCs

    Schtasks is often used by malware for persistence or to perform post-infection execution.

    persistence

Processes

  • C:\Users\Admin\AppData\Local\Temp\0a513f2465f58e492d40d9fe2777762d.exe
    "C:\Users\Admin\AppData\Local\Temp\0a513f2465f58e492d40d9fe2777762d.exe"
    1⤵
      PID:216
      • C:\Users\Admin\AppData\Local\Temp\0a513f2465f58e492d40d9fe2777762d.exe
        "C:\Users\Admin\AppData\Local\Temp\0a513f2465f58e492d40d9fe2777762d.exe"
        2⤵
          PID:3764
        • C:\Windows\SysWOW64\schtasks.exe
          "C:\Windows\System32\schtasks.exe" /Create /TN "Updates\wXkVgyFBi" /XML "C:\Users\Admin\AppData\Local\Temp\tmp2A09.tmp"
          2⤵
          • Creates scheduled task(s)
          PID:1820

      Network

      MITRE ATT&CK Enterprise v15

      Replay Monitor

      Loading Replay Monitor...

      Downloads

      • C:\Users\Admin\AppData\Local\Microsoft\CLR_v4.0_32\UsageLogs\0a513f2465f58e492d40d9fe2777762d.exe.log
        Filesize

        1KB

        MD5

        17573558c4e714f606f997e5157afaac

        SHA1

        13e16e9415ceef429aaf124139671ebeca09ed23

        SHA256

        c18db6aecad2436da4a63ff26af4e3a337cca48f01c21b8db494fe5ccc60e553

        SHA512

        f4edf13f05a0d142e4dd42802098c8c44988ee8869621a62c2b565a77c9a95857f636583ff8d6d9baa366603d98b9bfbf1fc75bc6f9f8f83c80cb1215b2941cc

        Download Submit

      • C:\Users\Admin\AppData\Local\Temp\tmp2A09.tmp
        Filesize

        1KB

        MD5

        dacc156207f592fed05dd9953b942490

        SHA1

        894ddb6a8c04a669924ac5c9224f0667212ff8a8

        SHA256

        0ca51576ab92e24c74a8d7a94cfa09c6c2438c7c176c88400794628cbe8f6574

        SHA512

        9999366fb19bab03ea88ed0b4545ed10774bc95ee31337c981f5c81210ad21e565ecc2bb29b381d76bb1195ba915d4d89e07c57487ace3a988a56442c7a88ea6

        Download Submit

      • memory/216-5-0x0000000005AC0000-0x0000000005AD0000-memory.dmp

        Filesize

        64KB

        Download

      • memory/216-10-0x0000000007360000-0x00000000073E2000-memory.dmp

        Filesize

        520KB

        Download

      • memory/216-3-0x0000000006090000-0x0000000006634000-memory.dmp

        Filesize

        5.6MB

        Download

      • memory/216-1-0x0000000074C70000-0x0000000075420000-memory.dmp

        Filesize

        7.7MB

        Download

      • memory/216-7-0x0000000005D70000-0x0000000005DC6000-memory.dmp

        Filesize

        344KB

        Download

      • memory/216-6-0x0000000005AF0000-0x0000000005AFA000-memory.dmp

        Filesize

        40KB

        Download

      • memory/216-8-0x0000000005F10000-0x0000000005F22000-memory.dmp

        Filesize

        72KB

        Download

      • memory/216-9-0x0000000074C70000-0x0000000075420000-memory.dmp

        Filesize

        7.7MB

        Download

      • memory/216-11-0x0000000009840000-0x0000000009852000-memory.dmp

        Filesize

        72KB

        Download

      • memory/216-4-0x0000000005B80000-0x0000000005C12000-memory.dmp

        Filesize

        584KB

        Download

      • memory/216-0-0x0000000000F00000-0x0000000001050000-memory.dmp

        Filesize

        1.3MB

        Download

      • memory/216-20-0x0000000074C70000-0x0000000075420000-memory.dmp

        Filesize

        7.7MB

        Download

      • memory/216-2-0x00000000059C0000-0x0000000005A5C000-memory.dmp

        Filesize

        624KB

        Download

      • memory/3764-21-0x0000000074C70000-0x0000000075420000-memory.dmp

        Filesize

        7.7MB

        Download

      • memory/3764-17-0x0000000000400000-0x0000000000412000-memory.dmp

        Filesize

        72KB

        Download

      • memory/3764-22-0x0000000000FA0000-0x0000000000FB0000-memory.dmp

        Filesize

        64KB

        Download

      • memory/3764-23-0x0000000074C70000-0x0000000075420000-memory.dmp

        Filesize

        7.7MB

        Download

      • memory/3764-24-0x0000000000FA0000-0x0000000000FB0000-memory.dmp

        Filesize

        64KB

        Download