Overview

overview

10

Static

static

10

teste.exe

windows7-x64

10

teste.exe

windows10-2004-x64

10

Resubmissions

12-07-2024 05:08

240712-fsxfesscla 10

Analysis

  • max time kernel
    150s
  • max time network
    150s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240709-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20240709-enlocale:en-usos:windows10-2004-x64system
  • submitted
    12-07-2024 05:08

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    teste.exe

  • Size

    45KB

  • MD5

    39fb1441dd20fb5ab770e846469c92be

  • SHA1

    0207009a6763ad9616cf05405fab459ee98239a2

  • SHA256

    e75f0b253a7a1fbd89b3e4a6d8557bcf82f5ab768daedb3087f76f7df7da96fb

  • SHA512

    0f550b604ba4df6f6581a940ddd9bd569d546d2a62559859f56109b4ad33f0785b28f042c9f95f82c8ad001b2114e832939d6e909bd9a42b286f2418e176279d

  • SSDEEP

    768:JuyCNTAoZjRWUJd9bmo2qLNmJ5G61cPInzjbUgX3ijbHHLsvr5BDZmx:JuyCNTAGL2omDDhn3b7XSfH8rndmx

Score
10/10
asyncratniggersrat

Malware Config

Extracted

Family

asyncrat

Version

0.5.8

Botnet

Niggers

Mutex

QbwNF2xUAg1m

Attributes
  • delay

    3

  • install

    false

  • install_file

    updater.exe

  • install_folder

    %AppData%

  • pastebin_config

    https://pastebin.com/raw/Hbm5qNCB

aes.plain

Signatures

  • AsyncRat

    AsyncRAT is designed to remotely monitor and control other computers written in C#.

    ratasyncrat
  • Legitimate hosting services abused for malware hosting/C2 1 TTPs 2 IoCs
  • Delays execution with timeout.exe 1 IoCs
    evasion
  • Suspicious use of AdjustPrivilegeToken 1 IoCs
  • Suspicious use of WriteProcessMemory 6 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\teste.exe
    "C:\Users\Admin\AppData\Local\Temp\teste.exe"
    1⤵
    • Suspicious use of AdjustPrivilegeToken
    • Suspicious use of WriteProcessMemory
    PID:5104
    • C:\Windows\SysWOW64\cmd.exe
      C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\tmpD2D1.tmp.bat""
      2⤵
      • Suspicious use of WriteProcessMemory
      PID:4844
      • C:\Windows\SysWOW64\timeout.exe
        timeout 3
        3⤵
        • Delays execution with timeout.exe
        PID:4864

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\Local\Temp\tmpD2D1.tmp.bat
    Filesize

    157B

    MD5

    92ad4d7490de8c3259ad6f0618d488ac

    SHA1

    f5f72b0716a947099f1133c65e0356e456117d72

    SHA256

    749fcef6558dfc9e8e694e52e13f8578952dd316f642a1d497ea94240df7d360

    SHA512

    d04b333e8f2c209b94afc0e8db4509ee81eb7481a5c6e75e491a3e17712f61a6827d29c65050a0819c983bef52d0b8ec995824a692e05bd183e559f63fde0363

    Download Submit

  • memory/5104-6-0x0000000074A0E000-0x0000000074A0F000-memory.dmp

    Filesize

    4KB

    Download

  • memory/5104-2-0x0000000074A00000-0x00000000751B0000-memory.dmp

    Filesize

    7.7MB

    Download

  • memory/5104-3-0x00000000056E0000-0x000000000577C000-memory.dmp

    Filesize

    624KB

    Download

  • memory/5104-4-0x0000000005D30000-0x00000000062D4000-memory.dmp

    Filesize

    5.6MB

    Download

  • memory/5104-5-0x00000000057F0000-0x0000000005856000-memory.dmp

    Filesize

    408KB

    Download

  • memory/5104-0-0x0000000074A0E000-0x0000000074A0F000-memory.dmp

    Filesize

    4KB

    Download

  • memory/5104-7-0x0000000074A00000-0x00000000751B0000-memory.dmp

    Filesize

    7.7MB

    Download

  • memory/5104-8-0x0000000006960000-0x00000000069D6000-memory.dmp

    Filesize

    472KB

    Download

  • memory/5104-9-0x00000000068E0000-0x0000000006944000-memory.dmp

    Filesize

    400KB

    Download

  • memory/5104-10-0x0000000006A40000-0x0000000006A5E000-memory.dmp

    Filesize

    120KB

    Download

  • memory/5104-1-0x0000000000440000-0x0000000000452000-memory.dmp

    Filesize

    72KB

    Download

  • memory/5104-15-0x0000000074A00000-0x00000000751B0000-memory.dmp

    Filesize

    7.7MB

    Download