Overview

overview

10

Static

static

10

0lXGBz7ZMe.exe

windows7-x64

10

0lXGBz7ZMe.exe

windows10-2004-x64

10

Analysis

  • max time kernel
    148s
  • max time network
    151s
  • platform
    windows7_x64
  • resource
    win7-20250207-en
  • resource tags

    arch:x64arch:x86image:win7-20250207-enlocale:en-usos:windows7-x64system
  • submitted
    15/03/2025, 13:08

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    0lXGBz7ZMe.exe

  • Size

    74KB

  • MD5

    484c9d7582a74eb6fac05b9c7e4eac44

  • SHA1

    de1bce03ce38f32866ee0f545c1a7d94748ee7cf

  • SHA256

    fb0569e9a61a133ef7382181966c3bd3e21bc32d078804edbe1eea80cde43af4

  • SHA512

    90aaf9c27267ab318ac7d7e845678c6bf742ebadf7d785d0a03cdb9fd3abd0fbb866a5672ee0da4ffd04345192e2f49d24e0d8ab502a31ba790929f9a00dee22

  • SSDEEP

    1536:9UpGcx5NVCQkPMV+O9VdQuDI6H1bf/BMO5QyQzcBLVclN:9Uscx5zTkPMV+O9VdQsH1bficQyQYBY

Score
10/10
asyncratvenomratdefaultdiscoveryrat

Malware Config

Extracted

Family

asyncrat

Version

| Controller

Botnet

Default

C2

20.206.204.9:4449

Mutex

ammmjprqjnqswrieh

Attributes
  • delay

    1

  • install

    false

  • install_folder

    %AppData%

aes.plain

Signatures

  • AsyncRat

    AsyncRAT is designed to remotely monitor and control other computers written in C#.

    ratasyncrat
  • Asyncrat family
    asyncrat
  • VenomRAT 1 IoCs

    Detects VenomRAT.

    rat
  • Venomrat family
    venomrat
  • Checks installed software on the system 1 TTPs

    Looks up Uninstall key entries in the registry to enumerate software on the system.

    discovery
  • Suspicious behavior: EnumeratesProcesses 29 IoCs
  • Suspicious use of AdjustPrivilegeToken 1 IoCs
  • Suspicious use of SetWindowsHookEx 1 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\0lXGBz7ZMe.exe
    "C:\Users\Admin\AppData\Local\Temp\0lXGBz7ZMe.exe"
    1⤵
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of AdjustPrivilegeToken
    • Suspicious use of SetWindowsHookEx
    PID:2400

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\94308059B57B3142E455B38A6EB92015
    Filesize

    71KB

    MD5

    83142242e97b8953c386f988aa694e4a

    SHA1

    833ed12fc15b356136dcdd27c61a50f59c5c7d50

    SHA256

    d72761e1a334a754ce8250e3af7ea4bf25301040929fd88cf9e50b4a9197d755

    SHA512

    bb6da177bd16d163f377d9b4c63f6d535804137887684c113cc2f643ceab4f34338c06b5a29213c23d375e95d22ef417eac928822dfb3688ce9e2de9d5242d10

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\TarEBBD.tmp
    Filesize

    183KB

    MD5

    109cab5505f5e065b63d01361467a83b

    SHA1

    4ed78955b9272a9ed689b51bf2bf4a86a25e53fc

    SHA256

    ea6b7f51e85835c09259d9475a7d246c3e764ad67c449673f9dc97172c351673

    SHA512

    753a6da5d6889dd52f40208e37f2b8c185805ef81148682b269fff5aa84a46d710fe0ebfe05bce625da2e801e1c26745998a41266fa36bf47bc088a224d730cc

    Download Submit

  • memory/2400-0-0x000007FEF5EB3000-0x000007FEF5EB4000-memory.dmp

    Filesize

    4KB

    Download

  • memory/2400-1-0x0000000000B80000-0x0000000000B98000-memory.dmp

    Filesize

    96KB

    Download

  • memory/2400-3-0x000007FEF5EB0000-0x000007FEF689C000-memory.dmp

    Filesize

    9.9MB

    Download

  • memory/2400-4-0x000007FEF5EB0000-0x000007FEF689C000-memory.dmp

    Filesize

    9.9MB

    Download

  • memory/2400-42-0x000007FEF5EB3000-0x000007FEF5EB4000-memory.dmp

    Filesize

    4KB

    Download

  • memory/2400-43-0x000007FEF5EB0000-0x000007FEF689C000-memory.dmp

    Filesize

    9.9MB

    Download

  • memory/2400-44-0x000007FEF5EB0000-0x000007FEF689C000-memory.dmp

    Filesize

    9.9MB

    Download