Analysis
-
max time kernel
146s -
max time network
151s -
platform
windows7_x64 -
resource
win7-20231215-en -
resource tags
arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system -
submitted
25-01-2024 05:17
Behavioral task
behavioral1
Sample
AsyncClient.exe
Resource
win7-20231215-en
5 signatures
150 seconds
General
-
Target
AsyncClient.exe
-
Size
66KB
-
MD5
c3e2e729e929b8c7f7d5f3d44ea06d64
-
SHA1
159f9bcfb6a6a52578ad71b0fa4b529f6d788527
-
SHA256
d0b450b6f9127442b116bbc870a643335dbb5ec0eb861b579bd8db96bd995cc8
-
SHA512
7cf46135a5bc2ab4ec5962fd7da851e0f6d6471608141cf9b86408dc20e5778bfc20cbc2520a5a4aa671a802b4127e0673d18539a33b4ccae8dc493768e9c5d8
-
SSDEEP
1536:C2wukvF1ak9gcKu5UYF6FhtOtCifbSN/8tgZvoWdYq3rPlTGNx:C2dkvF1ak9Ku5UYFKv6CAbSutgZvrd3y
Malware Config
Extracted
Family
asyncrat
Version
| Edit 3LOSH RAT
Botnet
2024
C2
w3llstore.mywire.org:6606
w3llstore.mywire.org:7707
w3llstore.mywire.org:8808
Mutex
Dashboard_60101kCSS
Attributes
-
delay
3
-
install
false
-
install_folder
%AppData%
aes.plain
Signatures
-
Async RAT payload 1 IoCs
Processes:
resource yara_rule behavioral1/memory/2256-0-0x0000000000CE0000-0x0000000000CF6000-memory.dmp asyncrat -
Suspicious behavior: EnumeratesProcesses 1 IoCs
Processes:
AsyncClient.exepid process 2256 AsyncClient.exe -
Suspicious use of AdjustPrivilegeToken 1 IoCs
Processes:
AsyncClient.exedescription pid process Token: SeDebugPrivilege 2256 AsyncClient.exe -
Suspicious use of SetWindowsHookEx 1 IoCs
Processes:
AsyncClient.exepid process 2256 AsyncClient.exe
Processes
Network
MITRE ATT&CK Matrix
Replay Monitor
Loading Replay Monitor...
Downloads
-
memory/2256-0-0x0000000000CE0000-0x0000000000CF6000-memory.dmpFilesize
88KB
-
memory/2256-1-0x0000000074620000-0x0000000074D0E000-memory.dmpFilesize
6.9MB
-
memory/2256-2-0x00000000049C0000-0x0000000004A00000-memory.dmpFilesize
256KB
-
memory/2256-3-0x0000000074620000-0x0000000074D0E000-memory.dmpFilesize
6.9MB
-
memory/2256-4-0x00000000049C0000-0x0000000004A00000-memory.dmpFilesize
256KB