General
- Target: Client.exe
- Size: 48KB
- Sample: 241110-f8axcs1cnc
- MD5: 9028b853115f1fbc562435c3191b3546
- SHA1: 3b06a8e9bafe7a1d75243884fc11862c059a29dd
- SHA256: b40bb21bbe95e8431da174700874d89150002a974e7046890146d06cec9044ad
- SHA512: d4e7fd7b13075af3a2f6d83ebb3106c48dad939eee1281a3acdd653d0d093757fcfce4072a1de8ac8a7eaab4ed7ecf560d56e03c8864f14d626da54e7146eb80
- SSDEEP: 768:lV9TQo2oIL4+M0+LiktelDSN+iV08Ybyge7LrMvEgK/JzWfVc6KN:lVpQoVsktKDs4zb1wUnkJzWfVclN
Behavioral task: behavioral1
- Sample: Client.exe
- Resource: win10ltsc2021-20241023-en
Malware Config
Extracted: asyncrat
- Version: 1.0.7
- Default
- C2: 127.0.0.1:8848
- C2: 127.0.0.1:54025
- C2: 147.185.221.23:8848
- C2: 147.185.221.23:54025
- Mutex: DcRatMutex_qwqdanchun
- delay: 1
- install: false
- install_file: opus hook injector.exe
- install_folder: %AppData%
Targets
- Target: Client.exe
- Size: 48KB
- Asyncrat family
- Grants admin privileges: uses net.exe to modify the user's privileges.
- Modifies Windows Firewall
- Enumerates processes with tasklist
MITRE ATT&CK Enterprise v15
Persistence
- Account Manipulation (1)
- Create or Modify System Process (1)
  - Windows Service (1)
- Event Triggered Execution (1)
  - Netsh Helper DLL (1)
Privilege Escalation
- Account Manipulation (1)
- Create or Modify System Process (1)
  - Windows Service (1)
- Event Triggered Execution (1)
  - Netsh Helper DLL (1)