Overview

overview

10

Static

static

10

Siski.exe

windows10-2004-x64

10

Siski.exe

windows11-21h2-x64

10

Resubmissions

12/02/2024, 15:39

240212-s3q3lsbb34 10

12/02/2024, 15:38

240212-s24mbahd9z 10

07/09/2023, 13:31

230907-qswh8sab22 10

Analysis

  • max time kernel
    2s
  • platform
    windows11-21h2_x64
  • resource
    win11-20231215-en
  • resource tags

    arch:x64arch:x86image:win11-20231215-enlocale:en-usos:windows11-21h2-x64system
  • submitted
    12/02/2024, 15:39

Sharing

Copy URL Twitter E-mail
Report Analysis Logs

General

  • Target

    Siski.exe

  • Size

    47KB

  • MD5

    abf6d6d4714ae551b78d625f01f70458

  • SHA1

    0a211f4f21a8f8ea157092a6fbd30656e4e901ed

  • SHA256

    782f8d9bf3c76d8e3c44e4c47febd44365a093b0e4fa4833557ea11bea6dbed9

  • SHA512

    f84663e85e3e1f94fe4d186123df1fcbbddd5073d9f4f103c2de9cc6131d7df90b56960416d741cc9b8fb0721f02186bc123c95770c000edcbf44382b30e6b73

  • SSDEEP

    768:gq+s3pUtDILNCCa+DiM/PiW78YbkgzDm+vEgK/JHZVc6KN:gq+AGtQOELzbre+nkJHZVclN

Score
10/10
asyncratdefaultrat

Malware Config

Extracted

Family

asyncrat

Version

1.0.7

Botnet

Default

C2

127.0.0.1:8848

109.120.188.95:8848
Mutex

DcRatMutex_qwqdanchun

Attributes
  • delay

    1

  • install

    false

  • install_folder

    %AppData%

aes.plain

Signatures

  • AsyncRat

    AsyncRAT is designed to remotely monitor and control other computers written in C#.

    ratasyncrat

Processes

  • C:\Users\Admin\AppData\Local\Temp\Siski.exe
    "C:\Users\Admin\AppData\Local\Temp\Siski.exe"
    1⤵
      PID:644

    Network

          MITRE ATT&CK Matrix

          Replay Monitor

          Loading Replay Monitor...

          Downloads

          • memory/644-0-0x00000000002D0000-0x00000000002E2000-memory.dmp

            Filesize

            72KB

            Download

          • memory/644-1-0x00007FF8608D0000-0x00007FF861392000-memory.dmp

            Filesize

            10.8MB

            Download

          • memory/644-2-0x0000000000C40000-0x0000000000C50000-memory.dmp

            Filesize

            64KB

            Download

          • memory/644-3-0x00007FF8608D0000-0x00007FF861392000-memory.dmp

            Filesize

            10.8MB

            Download