Analysis
max time kernel: 148s
max time network: 156s
platform: windows10-2004_x64
resource: win10v2004-20241007-en
resource tags: arch:x64, arch:x86, image:win10v2004-20241007-en, locale:en-us, os:windows10-2004-x64, system
submitted: 17-12-2024 13:53

Static task: static1
1 signatures

Behavioral task: behavioral1
Sample: e54d42724412abbbe374ddbc82e0377b991f585a2e1953c56277705ebd99a1c7.exe
Resource: win7-20241010-en (windows7-x64)
0 signatures
150 seconds
General
Target: e54d42724412abbbe374ddbc82e0377b991f585a2e1953c56277705ebd99a1c7.exe
Size: 2.1MB
MD5: 3a7a99d589391b86a223fc446d97453e
SHA1: d87c15d24ae898404fa677d40f3b00a4d1e22614
SHA256: e54d42724412abbbe374ddbc82e0377b991f585a2e1953c56277705ebd99a1c7
SHA512: 4b064442b8f249334d89bbc3a54b781400741debb941e43c8e7b29cc3e0279ff62ee55d7db96826ad3fcc2d5d634d793457c969fdafb6c1eb0874940d72f3c93
SSDEEP: 24576:WR2oDdYGqiMFSthUcJwI+bjQsYBmRfOscv+aFRUa8C/nFoFGsbUvqHe:sdDeGqiMP3I+G+OR+Ar/nFoFGTS+
Malware Config
Extracted
Family: asyncrat
Version: 1.0.7
Botnet: Default
C2:
  127.0.0.1:8848
  192.168.153.119:8848
Mutex: DcRatMutex_qwqdanchun
Attributes:
  delay: 1
  install: false
  install_file: WindowsDefender.exe
  install_folder: %AppData%
  aes.plain
Signatures
Asyncrat family
Async RAT payload (1 IoCs)
  resource                                                                  yara_rule
  behavioral2/memory/1464-2-0x0000023268A60000-0x0000023268A76000-memory.dmp  family_asyncrat
Suspicious use of AdjustPrivilegeToken (1 IoCs)
  description              pid   Process
  Token: SeDebugPrivilege  1464  e54d42724412abbbe374ddbc82e0377b991f585a2e1953c56277705ebd99a1c7.exe