Analysis
Max time kernel: 58s
Max time network: 45s
Platform: windows10-2004_x64
Resource: win10v2004-20250314-en
Resource tags: arch:x64, arch:x86, image:win10v2004-20250314-en, locale:en-us, os:windows10-2004-x64, system
Submitted: 30/03/2025, 19:25

Behavioral task: behavioral1
Sample: bb5dc9978dea81984a403ca77932287ebb8f29692064dd4d1b9a4de4177db311.exe
Resource: win7-20241010-en
General
Target: bb5dc9978dea81984a403ca77932287ebb8f29692064dd4d1b9a4de4177db311.exe
Size: 60KB
MD5: 832b74237397c1c0c66889645881fd81
SHA1: 160655636d08c597561aee907dfa8e9c5fa3bf36
SHA256: bb5dc9978dea81984a403ca77932287ebb8f29692064dd4d1b9a4de4177db311
SHA512: eed9fd2293d204b0c3ddce92318ad101c838ee7e0fd78c823aa1f65c51ba2323794e4185c165a983adc107192aadb836831c5656f74da0b5a5d85016840fa9aa
SSDEEP: 1536:jVDVd0eNaJOhfmwPS8zQ00j7t4JDUr12Vbb4gIu+h1wW:jVxd0eNaJOhfmwPS8zQ00GK2Vbb45z
Malware Config
Extracted family: asyncrat
Botnet: LMTEAM RAT
C2: 127.0.0.1:8848
delay: 1
install: false
install_folder: %AppData%
Signatures
Asyncrat family

System Location Discovery: System Language Discovery (1 TTPs, 1 IoCs)
Attempt to gather information about the system language of a victim in order to infer the geographical location of that host.
description: Key opened
ioc: \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language
Process: bb5dc9978dea81984a403ca77932287ebb8f29692064dd4d1b9a4de4177db311.exe

Suspicious use of AdjustPrivilegeToken (1 IoCs)
description: Token: SeDebugPrivilege
pid: 2040
Process: bb5dc9978dea81984a403ca77932287ebb8f29692064dd4d1b9a4de4177db311.exe
Processes
1. C:\Users\Admin\AppData\Local\Temp\bb5dc9978dea81984a403ca77932287ebb8f29692064dd4d1b9a4de4177db311.exe
   Command line: "C:\Users\Admin\AppData\Local\Temp\bb5dc9978dea81984a403ca77932287ebb8f29692064dd4d1b9a4de4177db311.exe"
   PID: 2040
   Signatures: System Location Discovery: System Language Discovery; Suspicious use of AdjustPrivilegeToken