Analysis

  • max time kernel: 118s
  • max time network: 120s
  • platform: windows7_x64
  • resource: win7-20240215-en
  • resource tags: arch:x64, arch:x86, image:win7-20240215-en, locale:en-us, os:windows7-x64, system
  • submitted: 25-05-2024 02:51

General

  • Target: c56dc633c65434f91dd1a94a3044ed30_NeikiAnalytics.exe
  • Size: 337KB
  • MD5: c56dc633c65434f91dd1a94a3044ed30
  • SHA1: 4a904dd388f380c7dfa0cbaa31b1a48cd0f57c48
  • SHA256: 9aed3c4a1c34622dae06f7c3db0e9b7f354ddecf6aed04c38f2dac26e65bd5fe
  • SHA512: 738a23eecbe58ce4178073ec8175d0e58416cdc38c3943ff06e90b82babb044b83b9f485284ad2d6bfe3a7c209f7ba6f837d1c2a8ac2291e430a1873e61cdc45
  • SSDEEP: 6144:sG0rAr2A+8QkxNdmBU0Z+hhZSo46MF6lv08YSmznZI:FvaAZQkjdmBjQVS635rYSmzni

Malware Config

Extracted

  • Family: asyncrat
  • Version: 0.5.7B
  • Botnet: DefaultACS2
  • C2:
    • fanejkbdfjgjziu.sytes.net:8808
    • fanejkbdfjgjziu.sytes.net:7707
    • fanejkbdfjgjziu.sytes.net:8678
    • danmucjydcdyty.sytes.net:8808
    • danmucjydcdyty.sytes.net:7707
    • danmucjydcdyty.sytes.net:8678
    • awmucffjydfyj.sytes.net:8808
    • awmucffjydfyj.sytes.net:7707
    • awmucffjydfyj.sytes.net:8678
  • Mutex: AsyncMutex_6SI8OkPnk
  • Attributes:
    • delay: 500
    • install: true
    • install_file: drb.exe
    • install_folder: %AppData%
  • aes.plain

Signatures

  • AsyncRat

    AsyncRAT, written in C#, is designed to remotely monitor and control other computers.

  • Suspicious use of SetThreadContext (1 IoC)
  • Suspicious use of AdjustPrivilegeToken (1 IoC)
  • Suspicious use of WriteProcessMemory (9 IoCs)

Processes

  • C:\Users\Admin\AppData\Local\Temp\c56dc633c65434f91dd1a94a3044ed30_NeikiAnalytics.exe (PID 2616)
    Command line: "C:\Users\Admin\AppData\Local\Temp\c56dc633c65434f91dd1a94a3044ed30_NeikiAnalytics.exe"
    • Suspicious use of SetThreadContext
    • Suspicious use of AdjustPrivilegeToken
    • Suspicious use of WriteProcessMemory
    • C:\Users\Admin\AppData\Local\Temp\c56dc633c65434f91dd1a94a3044ed30_NeikiAnalytics.exe (PID 2648, child of PID 2616)
      Command line: C:\Users\Admin\AppData\Local\Temp\c56dc633c65434f91dd1a94a3044ed30_NeikiAnalytics.exe

Downloads

  • memory/2616-0-0x000000007495E000-0x000000007495F000-memory.dmp (Filesize 4KB)
  • memory/2616-1-0x0000000000920000-0x000000000097E000-memory.dmp (Filesize 376KB)
  • memory/2616-2-0x00000000003C0000-0x00000000003C6000-memory.dmp (Filesize 24KB)
  • memory/2616-3-0x00000000004F0000-0x0000000000542000-memory.dmp (Filesize 328KB)
  • memory/2616-4-0x0000000074950000-0x000000007503E000-memory.dmp (Filesize 6.9MB)
  • memory/2616-5-0x00000000003E0000-0x00000000003E6000-memory.dmp (Filesize 24KB)
  • memory/2616-11-0x0000000074950000-0x000000007503E000-memory.dmp (Filesize 6.9MB)
  • memory/2648-10-0x0000000000400000-0x0000000000412000-memory.dmp (Filesize 72KB)
  • memory/2648-8-0x0000000000400000-0x0000000000412000-memory.dmp (Filesize 72KB)
  • memory/2648-6-0x0000000000400000-0x0000000000412000-memory.dmp (Filesize 72KB)
  • memory/2648-12-0x0000000074950000-0x000000007503E000-memory.dmp (Filesize 6.9MB)
  • memory/2648-13-0x0000000074950000-0x000000007503E000-memory.dmp (Filesize 6.9MB)