Analysis
-
max time kernel
1047s -
max time network
846s -
platform
windows7_x64 -
resource
win7-20241010-en -
resource tags
arch:x64arch:x86image:win7-20241010-enlocale:en-usos:windows7-x64system -
submitted
31/10/2024, 05:11
General
-
Target
AsyncClient.exe
-
Size
47KB
-
MD5
6a1e7e8a4657570761163e6de79565c7
-
SHA1
125a781c03d6e2893d451a682c88b87fcf9aa866
-
SHA256
649bf5471c340ffec7574c47217a3a5556ab2a1fac102014cc359b0109c2fd03
-
SHA512
f5c806f1ab8116314ace3d11194cfd669b158b5e57519e7b5b95956bfc6278086a6040a2696294933ea01b8fe283c7e1b95e90f858c2194d18f01dd6232e728a
-
SSDEEP
768:8u/dRTUo0HQbWUnmjSmo2qMW2dhv+Q8PIB3WfkBFP0bumDUyWJgh1Lr1BDZox:8u/dRTUPE2awv+SB3WfXbumIyWJ8lrbg
Malware Config
Extracted
Family
asyncrat
Version
0.5.8
Botnet
Default
C2
127.0.0.1:6606
127.0.0.1:7707
127.0.0.1:8808
Mutex
mVH59AzvxdrQ
Attributes
-
delay
3
-
install
false
-
install_folder
%AppData%
aes.plain
Signatures
-
Asyncrat family
-
System Location Discovery: System Language Discovery 1 TTPs 1 IoCs
Attempt gather information about the system language of a victim in order to infer the geographical location of that host.
description ioc Process Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language AsyncClient.exe -
Suspicious use of AdjustPrivilegeToken 2 IoCs
description pid Process Token: SeDebugPrivilege 1940 AsyncClient.exe Token: SeDebugPrivilege 1940 AsyncClient.exe