Overview

overview

10

Static

static

10

ac6d6bf0fc...fN.exe

windows7-x64

10

ac6d6bf0fc...fN.exe

windows10-2004-x64

10

Analysis

  • max time kernel
    16s
  • max time network
    117s
  • platform
    windows7_x64
  • resource
    win7-20241010-en
  • resource tags

    arch:x64arch:x86image:win7-20241010-enlocale:en-usos:windows7-x64system
  • submitted
    11-12-2024 06:11

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    ac6d6bf0fc57e2144cdd26445e17b1956c313437438e0579119dcc6792ef611fN.exe

  • Size

    63KB

  • MD5

    3c33fbd7a536179d16a319b0552b7be0

  • SHA1

    1b0cd9c571f6337d5da4f6ccb3e60448243df2b0

  • SHA256

    ac6d6bf0fc57e2144cdd26445e17b1956c313437438e0579119dcc6792ef611f

  • SHA512

    c3de0e1a2d3c35a3739e1ac42ca56532e4c93824fa5f285a6d8728fa268f0051d7ac8d805318e601a8ad122911279b50555bfe5f4e457f0d582e0354e6d0e7b6

  • SSDEEP

    1536:pmIucytXGkNfn4sKu+UYFzvDy5bCAPWU8SABrQTGlx:pmVcyt2kNjKu+UYFq5bCG8RGmx

Score
10/10
asyncratdozzy[1]discoveryratspywarestealer

Malware Config

Extracted

Family

asyncrat

Version

| CRACKED BY https://t.me/xworm_v2

Botnet

Dozzy[1]

Mutex

Setup_6SI8OkPnk

Attributes
  • delay

    3

  • install

    false

  • install_folder

    %AppData%

  • pastebin_config

    https://pastebin.com/raw/AJqrj5ZH

aes.plain

Signatures

  • AsyncRat

    AsyncRAT is designed to remotely monitor and control other computers written in C#.

    ratasyncrat
  • Asyncrat family
    asyncrat
  • Reads user/profile data of web browsers 3 TTPs

    Infostealers often target stored browser data, which can include saved credentials etc.

    spywarestealer
  • Legitimate hosting services abused for malware hosting/C2 1 TTPs 2 IoCs
  • System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

    Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

    discovery
  • Suspicious behavior: EnumeratesProcesses 1 IoCs
  • Suspicious use of AdjustPrivilegeToken 1 IoCs
  • Suspicious use of SetWindowsHookEx 1 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\ac6d6bf0fc57e2144cdd26445e17b1956c313437438e0579119dcc6792ef611fN.exe
    "C:\Users\Admin\AppData\Local\Temp\ac6d6bf0fc57e2144cdd26445e17b1956c313437438e0579119dcc6792ef611fN.exe"
    1⤵
    • System Location Discovery: System Language Discovery
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of AdjustPrivilegeToken
    • Suspicious use of SetWindowsHookEx
    PID:2372

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\Local\Temp\CabE948.tmp
    Filesize

    70KB

    MD5

    49aebf8cbd62d92ac215b2923fb1b9f5

    SHA1

    1723be06719828dda65ad804298d0431f6aff976

    SHA256

    b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f

    SHA512

    bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b

    Download Submit

  • memory/2372-0-0x00000000748CE000-0x00000000748CF000-memory.dmp

    Filesize

    4KB

    Download

  • memory/2372-1-0x00000000012E0000-0x00000000012F6000-memory.dmp

    Filesize

    88KB

    Download

  • memory/2372-2-0x00000000748C0000-0x0000000074FAE000-memory.dmp

    Filesize

    6.9MB

    Download

  • memory/2372-19-0x00000000748CE000-0x00000000748CF000-memory.dmp

    Filesize

    4KB

    Download

  • memory/2372-20-0x00000000748C0000-0x0000000074FAE000-memory.dmp

    Filesize

    6.9MB

    Download