asyncrat | 17267935eb463b712b505907f63e2d966683adac15817a0d1aa9fe392695c8b7

Analysis

Target

65uupBfz.exe
Size

45KB
MD5

8805adef6e16d06c8856f4aa34481d69
SHA1

2af70c3da038f4277b85aa34596ff6f7ddd05c7e
SHA256

17267935eb463b712b505907f63e2d966683adac15817a0d1aa9fe392695c8b7
SHA512

7096ee5260bd96e19dd344d9c6eca88b09852186df3ca6b9cee0de38f0b1f44f22d7ef2f0e719d9a9259d4ef55ec3190fda76bc25ec7da412da7403ca34e0c8d

Score

10^/10

asyncrat rat

AsyncRat
AsyncRAT is designed to remotely monitor and control other computers.
rat asyncrat

Async RAT payload 1 IoCs

rat

Processes:

resource	yara_rule
behavioral1/memory/788-3-0x00000000007F0000-0x000000000080D000-memory.dmp	asyncrat

Deletes itself 1 IoCs

Processes:

cmd.exe

pid process

432 cmd.exe
Delays execution with timeout.exe 1 IoCs
evasion

Processes:

timeout.exe

pid process

588 timeout.exe
Suspicious use of AdjustPrivilegeToken 1 IoCs

Processes:

65uupBfz.exe

description pid process

Token: SeDebugPrivilege 788 65uupBfz.exe

pid	process
432	cmd.exe

pid	process
588	timeout.exe

description	pid	process
Token: SeDebugPrivilege	788	65uupBfz.exe

Suspicious use of WriteProcessMemory 8 IoCs

Processes:

65uupBfz.execmd.exe

description	pid	process	target process
PID 788 wrote to memory of 432	788	65uupBfz.exe	cmd.exe
PID 788 wrote to memory of 432	788	65uupBfz.exe	cmd.exe
PID 788 wrote to memory of 432	788	65uupBfz.exe	cmd.exe
PID 788 wrote to memory of 432	788	65uupBfz.exe	cmd.exe
PID 432 wrote to memory of 588	432	cmd.exe	timeout.exe
PID 432 wrote to memory of 588	432	cmd.exe	timeout.exe
PID 432 wrote to memory of 588	432	cmd.exe	timeout.exe
PID 432 wrote to memory of 588	432	cmd.exe	timeout.exe

C:\Windows\SysWOW64\timeout.exe
timeout 3
3⤵
- Delays execution with timeout.exe
PID:588

C:\Users\Admin\AppData\Local\Temp\tmp61C7.tmp.bat
MD5
0bbc142f83834c10edc68b2bfb723608

SHA1
d0f7f60d221ca0bcc4047db4d7afff3fcbc23221

SHA256
9fbf5e94e3951fc397d556d8217eb26cb18ae9fae5dd4c300fd2e26c4e8ee2f7

SHA512
8baaf146039281be1e9b6f1e2b3af9cd99b433a35e8302e9a34c629b40cbdd3fc6aa88a3746e7ac26ec62d816d221c74d56237f26cca2beae00a55db4ae67b1a

Download Submit
memory/432-4-0x0000000000000000-mapping.dmp

Download
memory/588-6-0x0000000000000000-mapping.dmp

Download
memory/788-0-0x00000000747A0000-0x0000000074E8E000-memory.dmp

Filesize
6.9MB

Download
memory/788-1-0x0000000000900000-0x0000000000901000-memory.dmp

Filesize
4KB

Download
memory/788-3-0x00000000007F0000-0x000000000080D000-memory.dmp

Filesize
116KB

Download