Overview

overview

10

Static

static

10

VixenPrivate.exe

windows7-x64

10

VixenPrivate.exe

windows10-2004-x64

10

Analysis

  • max time kernel
    150s
  • max time network
    143s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20241007-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20241007-enlocale:en-usos:windows10-2004-x64system
  • submitted
    29-12-2024 21:54

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    VixenPrivate.exe

  • Size

    63KB

  • MD5

    52d017d32bef7cffcb7ff98571736a97

  • SHA1

    f0764f6bec89063594e5afcf2233d586da2fa999

  • SHA256

    20e65c2d214ec536e42d4ce447afaa253b5cd9293fcd759e64023dd891dab6f2

  • SHA512

    538ea5e3b6516b63fe803a6e158b00a286fa3016df24a25f59e6a9b1ff3b01ad7876aff3efb8d474cf410d22db7b745698be46f6ae1f11ae819590607a2b999f

  • SSDEEP

    1536:SwXz4zflrUYJYUbBh9bFq7+MOGxuUdpqKmY7:SkUlbYUbBeFfGz

Score
10/10
asyncratdefaultrat

Malware Config

Extracted

Family

asyncrat

Botnet

Default

C2

100.37.20.232:4872

Attributes
  • delay

    1

  • install

    false

  • install_folder

    %AppData%

aes.plain

Signatures

  • AsyncRat

    AsyncRAT is designed to remotely monitor and control other computers written in C#.

    ratasyncrat
  • Asyncrat family
    asyncrat
  • Suspicious behavior: EnumeratesProcesses 64 IoCs
  • Suspicious use of AdjustPrivilegeToken 1 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\VixenPrivate.exe
    "C:\Users\Admin\AppData\Local\Temp\VixenPrivate.exe"
    1⤵
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of AdjustPrivilegeToken
    PID:3280

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

  • memory/3280-0-0x00007FFB5C283000-0x00007FFB5C285000-memory.dmp

    Filesize

    8KB

    Download

  • memory/3280-1-0x00000000008D0000-0x00000000008E6000-memory.dmp

    Filesize

    88KB

    Download

  • memory/3280-2-0x00007FFB5C280000-0x00007FFB5CD41000-memory.dmp

    Filesize

    10.8MB

    Download

  • memory/3280-3-0x00007FFB5C280000-0x00007FFB5CD41000-memory.dmp

    Filesize

    10.8MB

    Download

  • memory/3280-6-0x00007FFB5C280000-0x00007FFB5CD41000-memory.dmp

    Filesize

    10.8MB

    Download

  • memory/3280-7-0x00007FFB5C283000-0x00007FFB5C285000-memory.dmp

    Filesize

    8KB

    Download

  • memory/3280-8-0x00007FFB5C280000-0x00007FFB5CD41000-memory.dmp

    Filesize

    10.8MB

    Download

  • memory/3280-9-0x00007FFB5C280000-0x00007FFB5CD41000-memory.dmp

    Filesize

    10.8MB

    Download

  • memory/3280-10-0x00007FFB5C280000-0x00007FFB5CD41000-memory.dmp

    Filesize

    10.8MB

    Download

  • memory/3280-11-0x000000001B690000-0x000000001B706000-memory.dmp

    Filesize

    472KB

    Download

  • memory/3280-12-0x0000000002B60000-0x0000000002B94000-memory.dmp

    Filesize

    208KB

    Download

  • memory/3280-13-0x0000000002CE0000-0x0000000002CFE000-memory.dmp

    Filesize

    120KB

    Download