Overview

overview

10

Static

static

1

cryptolaemus

windows10-2004-x64

10

cryptolaemus

windows11-21h2-x64

10

Analysis

  • max time kernel
    90s
  • max time network
    142s
  • platform
    windows11-21h2_x64
  • resource
    win11-20240221-en
  • resource tags

    arch:x64arch:x86image:win11-20240221-enlocale:en-usos:windows11-21h2-x64system
  • submitted
    09/04/2024, 22:07

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    8aca56991f81e3d4ed9da29b87d8e7109a4017d9c35b44fd4d24885c3666bfef.exe

  • Size

    1.3MB

  • MD5

    5871e8ec0525f7850cb608382a5f30b4

  • SHA1

    acef833944d86a6f0560519831a36be76514dbca

  • SHA256

    8aca56991f81e3d4ed9da29b87d8e7109a4017d9c35b44fd4d24885c3666bfef

  • SHA512

    fe3e3a8b5f073935cb17762ba56bc2030f5de235ab5d5ac78f57ef71c744231045db5657d2261a03b6858fed07d08e9bfe4c84d19bae9ae55d525640b0290160

  • SSDEEP

    12288:GsFxpE2JExvhVP3dUQJJp2tCKIPJuWRXNdMTNHWsSPtWKHEpr7MfJq+/l4U4UsUR:Gc2hJuCXPMhH/iGprAfJTJNXqfZb2

Score
10/10
asyncratdefaultrat

Malware Config

Extracted

Family

asyncrat

Version

1.0.7

Botnet

Default

C2

38.181.35.175:8848

Mutex

DcRatMutex

Attributes
  • delay

    1

  • install

    false

  • install_file

    qazqaz.exe

  • install_folder

    %AppData%

aes.plain

Signatures

  • AsyncRat

    AsyncRAT is designed to remotely monitor and control other computers written in C#.

    ratasyncrat
  • Async RAT payload 2 IoCs
    rat
  • Suspicious use of AdjustPrivilegeToken 1 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\8aca56991f81e3d4ed9da29b87d8e7109a4017d9c35b44fd4d24885c3666bfef.exe
    "C:\Users\Admin\AppData\Local\Temp\8aca56991f81e3d4ed9da29b87d8e7109a4017d9c35b44fd4d24885c3666bfef.exe"
    1⤵
    • Suspicious use of AdjustPrivilegeToken
    PID:1444

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

  • memory/1444-0-0x000001411FC60000-0x000001411FC76000-memory.dmp

    Filesize

    88KB

    Download

  • memory/1444-1-0x0000014121520000-0x0000014121532000-memory.dmp

    Filesize

    72KB

    Download

  • memory/1444-2-0x00007FFFD9BB0000-0x00007FFFDA672000-memory.dmp

    Filesize

    10.8MB

    Download

  • memory/1444-3-0x000001413A070000-0x000001413A080000-memory.dmp

    Filesize

    64KB

    Download

  • memory/1444-4-0x000001413A070000-0x000001413A080000-memory.dmp

    Filesize

    64KB

    Download

  • memory/1444-7-0x00007FFFD9BB0000-0x00007FFFDA672000-memory.dmp

    Filesize

    10.8MB

    Download

  • memory/1444-8-0x000001413A070000-0x000001413A080000-memory.dmp

    Filesize

    64KB

    Download