Field | Value
---|---
Download | DiscordHaxx%202.0%20[BETA].rar
Full analysis | https://app.any.run/tasks/eba5cc92-0a69-4721-bc1a-8715c7f2002a
Verdict | Malicious activity
Threats | AsyncRAT is a RAT that can monitor and remotely control infected systems. This malware was introduced on GitHub as legitimate open-source remote administration software, but hackers use it for its many powerful malicious functions.
Analysis date | March 31, 2020, 00:55:10
OS | Windows 7 Professional Service Pack 1 (build: 7601, 32 bit)
Tags | 
Indicators | 
MIME | application/x-rar
File info | RAR archive data, v5
MD5 | 6E065FEC1314D3D902A8085B63D67D5D
SHA1 | 1D74A48AAB769A15F7858AC156A20F0A92E383E3
SHA256 | 70CA1705ABD840271C73D4A250D4EF04852D2357F535D11479927C34A9843B02
SSDEEP | 6144:c4V7cW0JE3AuZnBBbEq5gtgNt6ysSdA/uzW9mr1iwjpssSe9i4JJlpmGJCl55qoI:/J3AeB9IJSwgW9Eiwf9iK0NRp5jtA92O
Extension | Detected file type
---|---
.rar | RAR compressed archive (v5.0) (61.5)
.rar | RAR compressed archive (gen) (38.4)
PID | CMD | Path | Indicators | Parent process | Details
---|---|---|---|---|---
3376 | "C:\Program Files\WinRAR\WinRAR.exe" "C:\Users\admin\AppData\Local\Temp\d1956062-4486-4042-95fd-2dd79266ae58.rar" | C:\Program Files\WinRAR\WinRAR.exe | — | explorer.exe | User: admin; Company: Alexander Roshal; Integrity Level: MEDIUM; Description: WinRAR archiver; Version: 5.60.0
3100 | "C:\Windows\explorer.exe" | C:\Windows\explorer.exe | — | explorer.exe | User: admin; Company: Microsoft Corporation; Integrity Level: MEDIUM; Description: Windows Explorer; Exit code: 1; Version: 6.1.7600.16385 (win7_rtm.090713-1255)
2692 | "C:\Users\admin\AppData\Local\Temp\Rar$EXa3376.47177\DiscordHaxx 2.0 [BETA]\DiscordHaxx 2.0.exe" | C:\Users\admin\AppData\Local\Temp\Rar$EXa3376.47177\DiscordHaxx 2.0 [BETA]\DiscordHaxx 2.0.exe | — | WinRAR.exe | User: admin; Integrity Level: MEDIUM; Exit code: 0; Version: 1.0.0.0
2552 | cmd /c ""C:\Users\admin\AppData\Local\Temp\tmpF351.tmp.bat"" | C:\Windows\system32\cmd.exe | — | DiscordHaxx 2.0.exe | User: admin; Company: Microsoft Corporation; Integrity Level: MEDIUM; Description: Windows Command Processor; Exit code: 1; Version: 6.1.7601.17514 (win7sp1_rtm.101119-1850)
1248 | timeout 3 | C:\Windows\system32\timeout.exe | — | cmd.exe | User: admin; Company: Microsoft Corporation; Integrity Level: MEDIUM; Description: timeout - pauses command processing; Exit code: 0; Version: 6.1.7600.16385 (win7_rtm.090713-1255)
392 | "C:\Users\admin\AppData\Local\Temp\supremedeluxfnhax.exe" | C:\Users\admin\AppData\Local\Temp\supremedeluxfnhax.exe | — | cmd.exe | User: admin; Integrity Level: MEDIUM; Version: 1.0.0.0
PID | Process | Filename | Type | MD5 | SHA256
---|---|---|---|---|---
3376 | WinRAR.exe | C:\Users\admin\AppData\Local\Temp\d1956062-4486-4042-95fd-2dd79266ae58\DiscordHaxx 2.0.exe | executable | 3F90D104BD845098B4DA83B72F78D68D | BFCAD598B3D75684181E340C22589E780500D7D9B6AF4F777D46ADA90EBB7786
3376 | WinRAR.exe | C:\Users\admin\AppData\Local\Temp\d1956062-4486-4042-95fd-2dd79266ae58\Newtonsoft.Json.dll | executable | D827DD8A8C4B2A2CFA23C7F90F3CCE95 | B66749B81E1489FCD8D754B2AD39EBE0DB681344E392A3F49DC9235643BDBD06
3376 | WinRAR.exe | C:\Users\admin\AppData\Local\Temp\d1956062-4486-4042-95fd-2dd79266ae58\Information\README.txt | text | F6CD338F09657291879605F44F78A7A3 | B6505D14BE249D624BB044EE2563F284D77C52B56FFE00BE5167CB1FFDE25479
3376 | WinRAR.exe | C:\Users\admin\AppData\Local\Temp\Rar$EXa3376.47177\DiscordHaxx 2.0 [BETA]\DiscordHaxx 2.0.exe | executable | 3F90D104BD845098B4DA83B72F78D68D | BFCAD598B3D75684181E340C22589E780500D7D9B6AF4F777D46ADA90EBB7786
3376 | WinRAR.exe | C:\Users\admin\AppData\Local\Temp\d1956062-4486-4042-95fd-2dd79266ae58\Themes\Flame.dht | text | 974545594C3AC93B4EFDAB095728DC09 | 5FFAFE8238C26B98E8447D929E42A5FAE1BFD155560942FD19F287FC2381A787
3376 | WinRAR.exe | C:\Users\admin\AppData\Local\Temp\d1956062-4486-4042-95fd-2dd79266ae58\DHSettings.dll | executable | BA04E959B6071B4749A08A29EFF2FE9D | BEECF1CED20C97A41986BB5EEC8435D8299E884F194A1FE148CB2299C27EA7F7
3376 | WinRAR.exe | C:\Users\admin\AppData\Local\Temp\Rar$EXa3376.47177\DiscordHaxx 2.0 [BETA]\DHSettings.dll | executable | BA04E959B6071B4749A08A29EFF2FE9D | BEECF1CED20C97A41986BB5EEC8435D8299E884F194A1FE148CB2299C27EA7F7
3376 | WinRAR.exe | C:\Users\admin\AppData\Local\Temp\d1956062-4486-4042-95fd-2dd79266ae58\Themes\Icons\AppleTheme.ico | image | 4EDE8EFF1669E9F4B8889B4DF77F8A0C | 755CBD5E30832A4AD32CCB211794BD9AD2900909CF2075F6F262C65F3FF7E893
3376 | WinRAR.exe | C:\Users\admin\AppData\Local\Temp\d1956062-4486-4042-95fd-2dd79266ae58\TokenGrabber.bin | executable | FAB9ED6DE6C7579B5C3D3798042A9FDB | C14CB0E81F3584BEA99E33610F369EE8DEE89BFDAED34C12A331891B93CB8B2D
3376 | WinRAR.exe | C:\Users\admin\AppData\Local\Temp\d1956062-4486-4042-95fd-2dd79266ae58\Vestris.ResourceLib.dll | executable | 64E9CB25AEEFEEBA3BB579FB1A5559BC | 34CAB594CE9C9AF8E12A6923FC16468F5B87E168777DB4BE2F04DB883C1DB993
PID | Process | IP | Domain | ASN | CN | Reputation |
---|---|---|---|---|---|---|
392 | supremedeluxfnhax.exe | 86.173.137.217:80 | — | British Telecommunications PLC | GB | unknown |