Analysis
max time kernel: 132s
max time network: 142s
platform: windows7_x64
resource: win7-20240221-en
resource tags: arch:x64, arch:x86, image:win7-20240221-en, locale:en-us, os:windows7-x64, system
submitted: 06/04/2024, 01:30
Behavioral task: behavioral1
Sample: a89667a64a05760547dd5b7f8a87181fb145a48ed2492392918e653c7e5bb9a6.exe
Resource: win7-20240221-en

Behavioral task: behavioral2
Sample: a89667a64a05760547dd5b7f8a87181fb145a48ed2492392918e653c7e5bb9a6.exe
Resource: win10v2004-20240226-en
General
Target: a89667a64a05760547dd5b7f8a87181fb145a48ed2492392918e653c7e5bb9a6.exe
Size: 47KB
MD5: 6657934f52a0686aefcfac430c49eb6c
SHA1: e803dc674a183866df2ea7c732bd6ce288e4d273
SHA256: a89667a64a05760547dd5b7f8a87181fb145a48ed2492392918e653c7e5bb9a6
SHA512: 5d0991ccd328d04ee99136c08ecf6ce17d1d557e0b44a7df55a553002c61aaef3a018fdbc90e2a0ca21bd13ef26865e6a8a95d541feb1a827c101a7378703cf5
SSDEEP: 768:oq+s3pUtDILNCCa+DimriAPYb+geRHuPkqgmvEgK/JfZVc6KN:oq+AGtQOgQbBJtnkJfZVclN
Malware Config
Extracted
asyncrat
1.0.7
PROMESAS NEW 05
promesasalvaro1.duckdns.org:7091
DcRatMutex_qwqdanchun
delay: 1
install: false
install_folder: %AppData%
Signatures

Detects executables attempting to enumerate video devices using WMI (1 IoC)
resource: behavioral1/memory/2188-0-0x00000000001B0000-0x00000000001C2000-memory.dmp
yara_rule: INDICATOR_SUSPICIOUS_EXE_WMI_EnumerateVideoDevice

Detects executables containing the string DcRatBy (1 IoC)
resource: behavioral1/memory/2188-0-0x00000000001B0000-0x00000000001C2000-memory.dmp
yara_rule: INDICATOR_SUSPICIOUS_EXE_DcRatBy

Detects executables embedding base64-encoded APIs, command lines, registry keys, etc. (1 IoC)
resource: behavioral1/memory/2188-0-0x00000000001B0000-0x00000000001C2000-memory.dmp
yara_rule: INDICATOR_SUSPICIOUS_EXE_B64_Artifacts