Overview

Task scores (out of 10; sample names as truncated on the page):

Score  Task                  Platform
10     Static                -
10     S500 CRASH...CK.zip   windows11-21h2-x64
1      S500 CRASH...ip.dll   windows11-21h2-x64
1      S500 CRASH...pc.dll   windows11-21h2-x64
1      S500 CRASH...ib.dll   windows11-21h2-x64
1      S500 CRASH...i2.dll   windows11-21h2-x64
1      S500 CRASH...or.dll   windows11-21h2-x64
1      S500 CRASH...et.dll   windows11-21h2-x64
1      S500 CRASH...ui.dll   windows11-21h2-x64
1      S500 CRASH...es.dll   windows11-21h2-x64
1      S500 CRASH...on.dll   windows11-21h2-x64
1      S500 CRASH...et.dll   windows11-21h2-x64
1      S500 CRASH...or.dll   windows11-21h2-x64
1      S500 CRASH...BY.exe   windows11-21h2-x64
10     S500 CRASH...et.dll   windows11-21h2-x64
1      S500 CRASH...ui.dll   windows11-21h2-x64
1      S500 CRASH...xt.dll   windows11-21h2-x64
1      S500 CRASH...le.dll   windows11-21h2-x64
1      S500 CRASH...ce.dll   windows11-21h2-x64
1      S500 CRASH...rs.dll   windows11-21h2-x64
1      S500 CRASH...on.dll   windows11-21h2-x64
1      S500 CRASH...le.dll   windows11-21h2-x64
1      S500 CRASH...em.dll   windows11-21h2-x64
1      S500 CRASH...es.dll   windows11-21h2-x64
1      S500 CRASH...tp.dll   windows11-21h2-x64
1      S500 CRASH...ts.dll   windows11-21h2-x64
1      S500 CRASH...on.dll   windows11-21h2-x64
1      S500 CRASH...ms.dll   windows11-21h2-x64
1      S500 CRASH...ng.dll   windows11-21h2-x64
1      S500 CRASH...es.dll   windows11-21h2-x64
1      S500 CRASH...es.dll   windows11-21h2-x64
1      S500 CRASH...er.dll   windows11-21h2-x64
1      S500 CRASH...ib.dll   windows11-21h2-x64
Analysis

max time kernel:  145s
max time network: 96s
platform:         windows11-21h2_x64
resource:         win11-20231215-en
resource tags:    arch:x64, arch:x86, image:win11-20231215-en, locale:en-us, os:windows11-21h2-x64, system
submitted:        14-01-2024 12:11
Behavioral tasks

Task          Sample                                                                                  Resource
behavioral1   S500 CRASHED DESTROYED BY BIG DICK.zip                                                  win11-20231215-en
behavioral2   S500 CRASHED DESTROYED BY BIG DICK/cgeoip.dll                                           win11-20231222-en
behavioral3   S500 CRASHED DESTROYED BY BIG DICK/discordrpc.dll                                       win11-20231215-en
behavioral4   S500 CRASHED DESTROYED BY BIG DICK/dnlib.dll                                            win11-20231215-en
behavioral5   S500 CRASHED DESTROYED BY BIG DICK/guna.ui2.dll                                         win11-20231215-en
behavioral6   S500 CRASHED DESTROYED BY BIG DICK/iconextractor.dll                                    win11-20231215-en
behavioral7   S500 CRASHED DESTROYED BY BIG DICK/leaf.xnet.dll                                        win11-20231215-en
behavioral8   S500 CRASHED DESTROYED BY BIG DICK/metroset ui.dll                                      win11-20231215-en
behavioral9   S500 CRASHED DESTROYED BY BIG DICK/microsoft.win32.primitives.dll                       win11-20231215-en
behavioral10  S500 CRASHED DESTROYED BY BIG DICK/newtonsoft.json.dll                                  win11-20231215-en
behavioral11  S500 CRASHED DESTROYED BY BIG DICK/protobuf-net.dll                                     win11-20231215-en
behavioral12  S500 CRASHED DESTROYED BY BIG DICK/realtaiizor.dll                                      win11-20231222-en
behavioral13  S500 CRASHED DESTROYED BY BIG DICK/sEXYbABY.exe                                         win11-20231215-en
behavioral14  S500 CRASHED DESTROYED BY BIG DICK/scintillanet.dll                                     win11-20231222-en
behavioral15  S500 CRASHED DESTROYED BY BIG DICK/siticone.ui.dll                                      win11-20231215-en
behavioral16  S500 CRASHED DESTROYED BY BIG DICK/system.appcontext.dll                                win11-20231215-en
behavioral17  S500 CRASHED DESTROYED BY BIG DICK/system.console.dll                                   win11-20231215-en
behavioral18  S500 CRASHED DESTROYED BY BIG DICK/system.diagnostics.diagnosticsource.dll              win11-20231215-en
behavioral19  S500 CRASHED DESTROYED BY BIG DICK/system.globalization.calendars.dll                   win11-20231215-en
behavioral20  S500 CRASHED DESTROYED BY BIG DICK/system.io.compression.dll                            win11-20231215-en
behavioral21  S500 CRASHED DESTROYED BY BIG DICK/system.io.compression.zipfile.dll                    win11-20231215-en
behavioral22  S500 CRASHED DESTROYED BY BIG DICK/system.io.filesystem.dll                             win11-20231215-en
behavioral23  S500 CRASHED DESTROYED BY BIG DICK/system.io.filesystem.primitives.dll                  win11-20231215-en
behavioral24  S500 CRASHED DESTROYED BY BIG DICK/system.net.http.dll                                  win11-20231215-en
behavioral25  S500 CRASHED DESTROYED BY BIG DICK/system.net.sockets.dll                               win11-20231215-en
behavioral26  S500 CRASHED DESTROYED BY BIG DICK/system.runtime.interopservices.runtimeinformation.dll win11-20231222-en
behavioral27  S500 CRASHED DESTROYED BY BIG DICK/system.security.cryptography.algorithms.dll          win11-20231222-en
behavioral28  S500 CRASHED DESTROYED BY BIG DICK/system.security.cryptography.encoding.dll            win11-20231215-en
behavioral29  S500 CRASHED DESTROYED BY BIG DICK/system.security.cryptography.primitives.dll          win11-20231215-en
behavioral30  S500 CRASHED DESTROYED BY BIG DICK/system.security.cryptography.x509certificates.dll    win11-20231215-en
behavioral31  S500 CRASHED DESTROYED BY BIG DICK/system.xml.readerwriter.dll                          win11-20231215-en
behavioral32  S500 CRASHED DESTROYED BY BIG DICK/vestris.resourcelib.dll                              win11-20231215-en
General

Target: S500 CRASHED DESTROYED BY BIG DICK/sEXYbABY.exe
Size:   63KB
MD5:    9cabbaa5f95805449b6b39dfb5363ef7
SHA1:   bfc9f92dcb82de22f2cfafbc2004375a3de0e112
SHA256: 6ee41c8e942eadb4053b0b0e4535366e7a3921c740aa7d607bf3f3c9f8b20df9
SHA512: 9fcc2be5099620108668dd06e42c43565c7bc1e8b22e092b1dbd20fbb5145e70a24513010c089a13c1e4ed6575778c4a7ca18669b8a977109f63545a7b430471
SSDEEP: 768:7eApz0bfgJ78t7C8A+XkW9gKc+t+cV48Jv1+T4qSoGHmDbD+ph0oXUEqsUXSu8dP:DufRx9gkwchRnUbIh9Es7u8dpqKmY7
Malware Config

Extracted family: asyncrat
c2:             127.0.0.1:3232
                nNx2ΔΙgg吉C伊弗Gp德WrDT
delay:          3
install:        false
install_folder: .
Signatures

Async RAT payload (1 IoC)
resource                                                                       yara_rule
behavioral13/memory/3612-0-0x0000000000800000-0x0000000000816000-memory.dmp    asyncrat

Suspicious use of AdjustPrivilegeToken (1 IoC)
description              pid   Process
Token: SeDebugPrivilege  3612  sEXYbABY.exe
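The one detail in this report that decides what is actionable is the C2 address: 127.0.0.1:3232 is the loopback interface, so this build only ever connects to a listener on the infected host itself and yields no perimeter indicator; what remains usable are the host artefacts (the file hashes, the unlabelled string printed after the C2, the in-memory YARA hit and the SeDebugPrivilege request by pid 3612). The helper below is an added example, not part of the sandbox report or of AsyncRAT: it parses the config block and the two signature rows exactly as printed above into structured IoCs and applies that routability check. Two assumptions are labelled in the code: the unlabelled string after the C2 is treated as the mutex (the report does not name it), and the memory-dump resource name is read as pid-index-start-end.

```python
"""Triage helper for the AsyncRAT report above (added example, not the report's
or AsyncRAT's own code). Parses the extracted config and the two signature rows
into structured IoCs and decides which of them are perimeter-actionable."""
import ipaddress
import re
from dataclasses import dataclass

# Config block as printed in the report: family, c2, an unlabelled string,
# then key/value pairs on alternating lines.
CONFIG_TEXT = """\
asyncrat
127.0.0.1:3232
nNx2ΔΙgg吉C伊弗Gp德WrDT
delay
3
install
false
install_folder
.
"""

# Signature rows copied from the report.
MEMORY_RESOURCE = "behavioral13/memory/3612-0-0x0000000000800000-0x0000000000816000-memory.dmp"
TOKEN_EVENT = "Token: SeDebugPrivilege 3612 sEXYbABY.exe"

# Assumption: the dump name is <pid>-<index>-0x<start>-0x<end>-memory.dmp.
_MEM_RE = re.compile(r"/(\d+)-(\d+)-0x([0-9a-fA-F]+)-0x([0-9a-fA-F]+)-memory\.dmp$")
_TOKEN_RE = re.compile(r"Token:\s+(\w+)\s+(\d+)\s+(\S+)")


@dataclass
class C2:
    host: str
    port: int
    perimeter_actionable: bool  # False when the target can never leave the host/LAN


def classify_c2(c2_raw: str) -> C2:
    """Split host:port and decide whether the address is worth blocking at the edge."""
    host, _, port = c2_raw.rpartition(":")
    try:
        addr = ipaddress.ip_address(host)
        # Loopback, unspecified, link-local and RFC 1918 targets are not reachable
        # from the perimeter; they point at a test build or lateral use, not an edge IoC.
        actionable = not (addr.is_loopback or addr.is_unspecified
                          or addr.is_link_local or addr.is_private)
    except ValueError:
        actionable = True  # a hostname is always carried forward
    return C2(host=host, port=int(port), perimeter_actionable=actionable)


def parse_config(text: str) -> dict:
    """Turn the flattened config block into typed fields."""
    lines = [ln.strip() for ln in text.splitlines() if ln.strip()]
    kv = dict(zip(lines[3::2], lines[4::2]))  # delay/3, install/false, ...
    return {
        "family": lines[0],
        "c2": classify_c2(lines[1]),
        # Assumption: the unlabelled third line is the mutex; the report does not say.
        "mutex_candidate": lines[2],
        "delay": int(kv.get("delay", "0")),
        "install": kv.get("install", "false").lower() == "true",
        "install_folder": kv.get("install_folder", ""),
    }


def parse_memory_resource(resource: str) -> dict:
    """Extract pid and the dumped region from the YARA-hit resource name."""
    m = _MEM_RE.search(resource)
    if not m:
        raise ValueError(f"unrecognised memory resource: {resource}")
    pid, index, start, end = int(m[1]), int(m[2]), int(m[3], 16), int(m[4], 16)
    return {"pid": pid, "index": index, "start": start, "end": end, "size": end - start}


def parse_token_event(line: str) -> dict:
    """Extract privilege, pid and image from the AdjustPrivilegeToken row."""
    m = _TOKEN_RE.search(line)
    if not m:
        raise ValueError(f"unrecognised token event: {line}")
    return {"privilege": m[1], "pid": int(m[2]), "process": m[3]}


def triage(config_text: str, memory_resource: str, token_event: str) -> dict:
    """Combine the three sources and cross-check that they describe one process."""
    result = parse_config(config_text)
    result["memory"] = parse_memory_resource(memory_resource)
    result["token"] = parse_token_event(token_event)
    result["pids_consistent"] = result["memory"]["pid"] == result["token"]["pid"]
    return result


if __name__ == "__main__":
    for key, value in triage(CONFIG_TEXT, MEMORY_RESOURCE, TOKEN_EVENT).items():
        print(f"{key}: {value}")
```

Running it on the report's values marks the C2 as not perimeter-actionable, recovers a 0x16000-byte dumped region for pid 3612, and confirms that the YARA hit and the SeDebugPrivilege request refer to the same process. The same parser can be pointed at reports with a routable C2 or a hostname, where `perimeter_actionable` flips to True.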