Analysis

  • max time kernel
    145s
  • max time network
    151s
  • platform
    windows7_x64
  • resource
    win7-20240221-en
  • resource tags

    arch:x64, arch:x86, image:win7-20240221-en, locale:en-us, os:windows7-x64, system
  • submitted
    01/03/2024, 12:11

General

  • Target

    3640-167-0x000001519FD30000-0x000001519FD42000-memory.exe

  • Size

    72KB

  • MD5

    4391e3cb9464f015722a26b1426423bd

  • SHA1

    297777ebc65447e670445d7231cc87eb294b4282

  • SHA256

    72a1fbab5749d564192be2f1d5ab8916861586b19a36a038ef3aebf26070d763

  • SHA512

    079b6d0956adf7fe80fdb513c75e5f1d2698b4e94aa8c30a2ecfdc8d3bf3c67925d530a2d2a000a37641a135ed885ce68b49900f9884eb12e6758b175c6d4dda

  • SSDEEP

    768:dOEuILWCKi+DiBtelDSN+iV08YbygeTnmeuPBivEgK/J9lZVc6KN:dOtmBtKDs4zb1Snmeu5inkJ3ZVclN

Malware Config

Extracted

Family

asyncrat

Version

1.0.7

Botnet

scrubloader

C2

scrubloader.ru:2192

Mutex

DcRatMutex_qwqdanchuncd

Attributes
  • delay

    1

  • install

    false

  • install_folder

    %AppData%

aes.plain

Signatures

  • AsyncRat

    AsyncRAT, written in C#, is designed to remotely monitor and control other computers.

Processes

  • C:\Users\Admin\AppData\Local\Temp\3640-167-0x000001519FD30000-0x000001519FD42000-memory.exe
    "C:\Users\Admin\AppData\Local\Temp\3640-167-0x000001519FD30000-0x000001519FD42000-memory.exe"
    PID:2180

Downloads

  • memory/2180-0-0x00000000011E0000-0x00000000011F2000-memory.dmp

    Filesize

    72KB

  • memory/2180-1-0x000007FEF5320000-0x000007FEF5D0C000-memory.dmp

    Filesize

    9.9MB

  • memory/2180-2-0x0000000001140000-0x00000000011C0000-memory.dmp

    Filesize

    512KB

  • memory/2180-3-0x000007FEF5320000-0x000007FEF5D0C000-memory.dmp

    Filesize

    9.9MB