Overview

overview

10

Static

static

10

1733490555...ed.exe

windows7-x64

10

1733490555...ed.exe

windows10-2004-x64

10

Analysis

  • max time kernel
    147s
  • max time network
    148s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20241007-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20241007-enlocale:en-usos:windows10-2004-x64system
  • submitted
    06-12-2024 13:14

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    17334905555b1bb5616b6229d3e91468cd944baaeea0d1c904cc91a0fe89b683d653c3710f732.dat-decoded.exe

  • Size

    47KB

  • MD5

    d911ec228cca02f17aaab6af1e680582

  • SHA1

    13581634c85c7ad432586e7deaafffb8c360799d

  • SHA256

    be89816230968c68817c6baa969d76514a1acd0f81fe8e4ff6aed7febfd23f2f

  • SHA512

    ff33e74f1cf9308069b70facc338c8bb066e92ce13d3ecdbfa1371b8715202ef9b5259e500ce1f8f77c8c27cb3ff1463422886c812ef66c841278fbea5842619

  • SSDEEP

    768:gq+s3pUtDILNCCa+Di6Qao2id8YbSget+28jkU/+vEgK/JHZVc6KN:gq+AGtQOVa0zbVc/bhnkJHZVclN

Score
10/10
asyncrattar22rat

Malware Config

Extracted

Family

asyncrat

Version

1.0.7

Botnet

Tar22

C2

7014vj.duckdns.org:8000

Mutex

DcRatMutex_qwsafun

Attributes
  • delay

    1

  • install

    false

  • install_folder

    %AppData%

aes.plain

Signatures

  • AsyncRat

    AsyncRAT is designed to remotely monitor and control other computers written in C#.

    ratasyncrat
  • Asyncrat family
    asyncrat
  • Suspicious use of AdjustPrivilegeToken 1 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\17334905555b1bb5616b6229d3e91468cd944baaeea0d1c904cc91a0fe89b683d653c3710f732.dat-decoded.exe
    "C:\Users\Admin\AppData\Local\Temp\17334905555b1bb5616b6229d3e91468cd944baaeea0d1c904cc91a0fe89b683d653c3710f732.dat-decoded.exe"
    1⤵
    • Suspicious use of AdjustPrivilegeToken
    PID:2124

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

  • memory/2124-0-0x00007FFAC2433000-0x00007FFAC2435000-memory.dmp

    Filesize

    8KB

    Download

  • memory/2124-1-0x0000000000EF0000-0x0000000000F02000-memory.dmp

    Filesize

    72KB

    Download

  • memory/2124-2-0x00007FFAC2430000-0x00007FFAC2EF1000-memory.dmp

    Filesize

    10.8MB

    Download

  • memory/2124-3-0x00007FFAC2433000-0x00007FFAC2435000-memory.dmp

    Filesize

    8KB

    Download

  • memory/2124-4-0x00007FFAC2430000-0x00007FFAC2EF1000-memory.dmp

    Filesize

    10.8MB

    Download