Analysis
max time kernel: 145s
max time network: 122s
platform: windows7_x64
resource: win7-20240903-en
resource tags: arch:x64 arch:x86 image:win7-20240903-en locale:en-us os:windows7-x64 system
submitted: 24-11-2024 04:08
Static task: static1
Behavioral task: behavioral1
  Sample: 551f620c3b9557dc06aa26121afa7b2f69b9d27be0810ff90f3dc1ed9958640b.exe
  Resource: win7-20240903-en
Behavioral task: behavioral2
  Sample: 551f620c3b9557dc06aa26121afa7b2f69b9d27be0810ff90f3dc1ed9958640b.exe
  Resource: win10v2004-20241007-en
General
Target: 551f620c3b9557dc06aa26121afa7b2f69b9d27be0810ff90f3dc1ed9958640b.exe
Size: 817KB
MD5: 5effd4e5b74468ac3298c8255bcacf3b
SHA1: e1f4a94d1ab7151d3dce5167899fd4e90e636911
SHA256: 551f620c3b9557dc06aa26121afa7b2f69b9d27be0810ff90f3dc1ed9958640b
SHA512: 1eadee22c0975faa616337b29260fc686c72c9bb3dbb322cbde987da273d759f67b85306533c0601fcb4d1de4c4cb7761195946ed24410c348dafdffd4bb5763
SSDEEP: 24576:4lH3UV7uG8N6A2500v90pkoMD9t2YCJUNtnZ73Y3qn:4fyb
Malware Config
Extracted
Family: asyncrat
Version: 1.0.7
Botnet: Default
C2: host.rorasama.top:63321, 127.0.0.1:63321
Mutex: DcRatMutex_qwqdanchun
Attributes:
  delay: 1
  install: false
  install_folder: %AppData%
Signatures
Asyncrat family
Async RAT payload (1 IoCs)
  Processes:
  resource: behavioral1/memory/2084-3-0x00000000003A0000-0x00000000003B6000-memory.dmp
  yara_rule: family_asyncrat
Suspicious use of AdjustPrivilegeToken (1 IoCs)
  Processes:
  description: Token: SeDebugPrivilege
  pid: 2084
  process: 551f620c3b9557dc06aa26121afa7b2f69b9d27be0810ff90f3dc1ed9958640b.exe