Analysis
-
max time kernel
93s -
max time network
141s -
platform
windows10-2004_x64 -
resource
win10v2004-20241007-en -
resource tags
arch:x64arch:x86image:win10v2004-20241007-enlocale:en-usos:windows10-2004-x64system -
submitted
23-12-2024 13:01
Static task
static1
1 signatures
Behavioral task
behavioral1
Sample
209fbae1dc4dc78a2658fe4661208807.exe
Resource
win7-20240903-en
windows7-x64
0 signatures
150 seconds
General
-
Target
209fbae1dc4dc78a2658fe4661208807.exe
-
Size
2.0MB
-
MD5
209fbae1dc4dc78a2658fe4661208807
-
SHA1
7a8050672dcd6df8c45c658aba20d94d87f6c6b6
-
SHA256
ba8ac250bdc6e0bd364bd98fd4404bdc32517eacdad84977133e87aac46af90e
-
SHA512
dde1e517214580a4f73822295a20eab3f3480bb873d45f9853c06c4523ceb3155d849c1255d8cb4c52e33a95b5d29baaaa8c9fcd73719b12fbc91c442e433940
-
SSDEEP
24576:ldafm+R1FK6hh5QP4ZaVDwm0vxQOxA3eo8Tcxaahl7o7IipS54dyrtd8d:vk1Fdh2Werxaahl7o7q6cr4d
Malware Config
Extracted
Family
asyncrat
Version
0.5.8
Botnet
Default
C2
104.236.39.42:6606
104.236.39.42:7707
104.236.39.42:8808
Mutex
NLzwJdZ9VJQw
Attributes
-
delay
3
-
install
false
-
install_folder
%AppData%
aes.plain
Signatures
-
Asyncrat family
-
Async RAT payload 1 IoCs
resource yara_rule behavioral2/memory/1752-2-0x0000020BE9B00000-0x0000020BE9B12000-memory.dmp family_asyncrat -
Suspicious use of AdjustPrivilegeToken 1 IoCs
description pid Process Token: SeDebugPrivilege 1752 209fbae1dc4dc78a2658fe4661208807.exe