Analysis

  • max time kernel
    149s
  • max time network
    155s
  • platform
    windows7_x64
  • resource
    win7-20241010-en
  • resource tags

    arch:x64, arch:x86, image:win7-20241010-en, locale:en-us, os:windows7-x64, system
  • submitted
    08-01-2025 02:49

General

  • Target

    7d11842cce74194adfff7709d7ba3f560dd381dc05b79810ac5c08bb220e6556.exe

  • Size

    45KB

  • MD5

    b525ea79a587def213905cf77f2b5e7e

  • SHA1

    08211f74b221764ad5e0ff24c914c8d8bf0fdedb

  • SHA256

    7d11842cce74194adfff7709d7ba3f560dd381dc05b79810ac5c08bb220e6556

  • SHA512

    dc9ff41591b455589a97f09245b2a70fccb1a68f1176696f386b634511f8498df8d549d9e931919c7e598586251a6552f118f0a439e4e708568afb7a0e7f46b1

  • SSDEEP

    768:OuUOVTwkbBHWU72ZcFmo2qjXMDnIMWBVEWWzjbvgX3isq+4YxUNcDZCf+:OuUOVTwA4M2cM2BVfW3bYXSxr+dCf+

Malware Config

Extracted

Family

asyncrat

Version

0.5.7B

Botnet

Default

C2

wzt5xcg.localto.net:1604

wzt5xcg.localto.net:5274

Mutex

AsyncMutex_6SI8OkPnk

Attributes
  • delay

    3

  • install

    false

  • install_file

    KYGOClient.exe

  • install_folder

    %AppData%

aes.plain
1
vGIC4WuJLWk2oQTO6rOEQO2fjZTug6Df

Signatures

  • AsyncRat

    AsyncRAT, written in C#, is designed to remotely monitor and control other computers.

  • Asyncrat family
  • System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

    Attempts to gather information about the system language of a victim in order to infer the geographical location of that host.

Processes

  • C:\Users\Admin\AppData\Local\Temp\7d11842cce74194adfff7709d7ba3f560dd381dc05b79810ac5c08bb220e6556.exe
    "C:\Users\Admin\AppData\Local\Temp\7d11842cce74194adfff7709d7ba3f560dd381dc05b79810ac5c08bb220e6556.exe"
    1⤵
    • System Location Discovery: System Language Discovery
    PID:2760

Network

  • flag-us
    DNS
    wzt5xcg.localto.net
    7d11842cce74194adfff7709d7ba3f560dd381dc05b79810ac5c08bb220e6556.exe
    Remote address:
    8.8.8.8:53
    Request
    wzt5xcg.localto.net
    IN A
    Response
    wzt5xcg.localto.net
    IN A
    116.203.56.216
  • 116.203.56.216:5274
    wzt5xcg.localto.net
    7d11842cce74194adfff7709d7ba3f560dd381dc05b79810ac5c08bb220e6556.exe
    152 B
    120 B
    3
    3
  • 116.203.56.216:1604
    wzt5xcg.localto.net
    7d11842cce74194adfff7709d7ba3f560dd381dc05b79810ac5c08bb220e6556.exe
    152 B
    120 B
    3
    3
  • 116.203.56.216:1604
    wzt5xcg.localto.net
    7d11842cce74194adfff7709d7ba3f560dd381dc05b79810ac5c08bb220e6556.exe
    152 B
    120 B
    3
    3
  • 116.203.56.216:5274
    wzt5xcg.localto.net
    7d11842cce74194adfff7709d7ba3f560dd381dc05b79810ac5c08bb220e6556.exe
    152 B
    120 B
    3
    3
  • 116.203.56.216:1604
    wzt5xcg.localto.net
    7d11842cce74194adfff7709d7ba3f560dd381dc05b79810ac5c08bb220e6556.exe
    152 B
    120 B
    3
    3
  • 116.203.56.216:5274
    wzt5xcg.localto.net
    7d11842cce74194adfff7709d7ba3f560dd381dc05b79810ac5c08bb220e6556.exe
    152 B
    120 B
    3
    3
  • 116.203.56.216:5274
    wzt5xcg.localto.net
    7d11842cce74194adfff7709d7ba3f560dd381dc05b79810ac5c08bb220e6556.exe
    152 B
    120 B
    3
    3
  • 116.203.56.216:5274
    wzt5xcg.localto.net
    7d11842cce74194adfff7709d7ba3f560dd381dc05b79810ac5c08bb220e6556.exe
    152 B
    120 B
    3
    3
  • 116.203.56.216:1604
    wzt5xcg.localto.net
    7d11842cce74194adfff7709d7ba3f560dd381dc05b79810ac5c08bb220e6556.exe
    152 B
    120 B
    3
    3
  • 116.203.56.216:5274
    wzt5xcg.localto.net
    7d11842cce74194adfff7709d7ba3f560dd381dc05b79810ac5c08bb220e6556.exe
    152 B
    120 B
    3
    3
  • 116.203.56.216:1604
    wzt5xcg.localto.net
    7d11842cce74194adfff7709d7ba3f560dd381dc05b79810ac5c08bb220e6556.exe
    152 B
    120 B
    3
    3
  • 116.203.56.216:1604
    wzt5xcg.localto.net
    7d11842cce74194adfff7709d7ba3f560dd381dc05b79810ac5c08bb220e6556.exe
    152 B
    120 B
    3
    3
  • 116.203.56.216:5274
    wzt5xcg.localto.net
    7d11842cce74194adfff7709d7ba3f560dd381dc05b79810ac5c08bb220e6556.exe
    152 B
    120 B
    3
    3
  • 116.203.56.216:1604
    wzt5xcg.localto.net
    7d11842cce74194adfff7709d7ba3f560dd381dc05b79810ac5c08bb220e6556.exe
    152 B
    120 B
    3
    3
  • 116.203.56.216:5274
    wzt5xcg.localto.net
    7d11842cce74194adfff7709d7ba3f560dd381dc05b79810ac5c08bb220e6556.exe
    152 B
    120 B
    3
    3
  • 116.203.56.216:1604
    wzt5xcg.localto.net
    7d11842cce74194adfff7709d7ba3f560dd381dc05b79810ac5c08bb220e6556.exe
    152 B
    120 B
    3
    3
  • 116.203.56.216:5274
    wzt5xcg.localto.net
    7d11842cce74194adfff7709d7ba3f560dd381dc05b79810ac5c08bb220e6556.exe
    152 B
    120 B
    3
    3
  • 116.203.56.216:5274
    wzt5xcg.localto.net
    7d11842cce74194adfff7709d7ba3f560dd381dc05b79810ac5c08bb220e6556.exe
    152 B
    120 B
    3
    3
  • 116.203.56.216:1604
    wzt5xcg.localto.net
    7d11842cce74194adfff7709d7ba3f560dd381dc05b79810ac5c08bb220e6556.exe
    152 B
    120 B
    3
    3
  • 116.203.56.216:1604
    wzt5xcg.localto.net
    7d11842cce74194adfff7709d7ba3f560dd381dc05b79810ac5c08bb220e6556.exe
    152 B
    120 B
    3
    3
  • 116.203.56.216:1604
    wzt5xcg.localto.net
    7d11842cce74194adfff7709d7ba3f560dd381dc05b79810ac5c08bb220e6556.exe
    152 B
    120 B
    3
    3
  • 116.203.56.216:5274
    wzt5xcg.localto.net
    7d11842cce74194adfff7709d7ba3f560dd381dc05b79810ac5c08bb220e6556.exe
    152 B
    120 B
    3
    3
  • 116.203.56.216:1604
    wzt5xcg.localto.net
    7d11842cce74194adfff7709d7ba3f560dd381dc05b79810ac5c08bb220e6556.exe
    152 B
    120 B
    3
    3
  • 116.203.56.216:5274
    wzt5xcg.localto.net
    7d11842cce74194adfff7709d7ba3f560dd381dc05b79810ac5c08bb220e6556.exe
    52 B
    40 B
    1
    1
  • 8.8.8.8:53
    wzt5xcg.localto.net
    dns
    7d11842cce74194adfff7709d7ba3f560dd381dc05b79810ac5c08bb220e6556.exe
    65 B
    81 B
    1
    1

    DNS Request

    wzt5xcg.localto.net

    DNS Response

    116.203.56.216

MITRE ATT&CK Enterprise v15


Downloads

  • memory/2760-0-0x0000000074C6E000-0x0000000074C6F000-memory.dmp

    Filesize

    4KB

  • memory/2760-1-0x0000000000BC0000-0x0000000000BD2000-memory.dmp

    Filesize

    72KB

  • memory/2760-2-0x0000000074C60000-0x000000007534E000-memory.dmp

    Filesize

    6.9MB

  • memory/2760-3-0x0000000074C6E000-0x0000000074C6F000-memory.dmp

    Filesize

    4KB

  • memory/2760-4-0x0000000074C60000-0x000000007534E000-memory.dmp

    Filesize

    6.9MB
