Analysis
max time kernel
135s
max time network
147s
platform
windows10-2004_x64
resource
win10v2004-20241007-en
resource tags
arch:x64, arch:x86, image:win10v2004-20241007-en, locale:en-us, os:windows10-2004-x64, system
submitted
25-10-2024 19:07
Behavioral task
behavioral1
Sample
Client.exe
Resource
win7-20240903-en
windows7-x64
3 signatures
150 seconds
General
Target
Client.exe
Size
66KB
MD5
e4fdff5a89f062dfad43059a9fbe8d80
SHA1
3f6615b2421fab68e19f87cf834621cb330c730f
SHA256
e61d52a9c9e88e95650fcee8c8aca19da6dc97a78703be06cf0b8d08e0aeb012
SHA512
843bb88e42b4d82d4702fae47dfae078334c4db54e2ce8124f33d319c765058f652b2235604e02ff104d8d306a88ff9618ff51e51f996847e87ed0e2b4227707
SSDEEP
1536:zmfWSqHdykrVMKuJUYFs1LK1/dMbCYtGSamQRxqmMdrmTGdx:zmeSqHdykGKuJUYFwi1MbfE5/RxqmMdh
Malware Config
Extracted
Family
asyncrat
Version
| Edit by Vinom Rat
Botnet
Default
C2
82.9.14.4:4646
Mutex
AsyncMutex_6SI8OkPnk
Attributes
delay
3
install
false
install_folder
%AppData%
aes.plain
Signatures
Asyncrat family
System Location Discovery: System Language Discovery 1 TTPs 1 IoCs
Attempts to gather information about the system language of a victim in order to infer the geographical location of that host.
Processes:
Client.exe
description | ioc | process
Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | Client.exe