Analysis
-
max time kernel
146s -
max time network
301s -
platform
windows11-21h2_x64 -
resource
win11-20240611-en -
resource tags
arch:x64arch:x86image:win11-20240611-enlocale:en-usos:windows11-21h2-x64system -
submitted
27-06-2024 16:58
Behavioral task
behavioral1
Sample
download (1).exe
Resource
win7-20240508-en
Behavioral task
behavioral2
Sample
download (1).exe
Resource
win10-20240404-en
Behavioral task
behavioral3
Sample
download (1).exe
Resource
win10v2004-20240508-en
General
-
Target
download (1).exe
-
Size
62KB
-
MD5
03f5e6705fc4facf9bd54ec5b4fe75a3
-
SHA1
c11f97aae39b7b7949dc1d4f1ae60b7be26702ed
-
SHA256
ad2c029407cebf926900436721a48f42afb91768b15c7d2e3e584cb766661bd2
-
SHA512
188fab951618a9bf702094749a86553965451ac07ffd8df7aa4b00b10b6a0825743de48c956100b4051e1f16cc6a8b2be6338e5a6c4e87aff3eda60562f97823
-
SSDEEP
1536:2206UX9kGYrsVqfhuD2a/d97IURE8vU6a5NEG75bfAg6SoKlX4a8rBTRVx:2206UX9kSE8vU6a5iG75bfRXlITJvx
Malware Config
Extracted
asyncrat
AWS | 3Losh
newjop
backwork07.ddns.net:6666
AsyncMutex_raTMpP7xS21cDAE8
-
delay
3
-
install
false
-
install_folder
%AppData%
Signatures
-
Reads user/profile data of web browsers 2 TTPs
Infostealers often target stored browser data, which can include saved credentials etc.
-
Suspicious behavior: EnumeratesProcesses 1 IoCs
Processes:
download (1).exepid process 4280 download (1).exe -
Suspicious use of AdjustPrivilegeToken 1 IoCs
Processes:
download (1).exedescription pid process Token: SeDebugPrivilege 4280 download (1).exe -
Suspicious use of SetWindowsHookEx 1 IoCs
Processes:
download (1).exepid process 4280 download (1).exe