Overview

overview

10

Static

static

10

AsyncClient.exe

windows7_x64

10

AsyncClient.exe

windows10_x64

10

Analysis

  • max time kernel
    121s
  • max time network
    152s
  • platform
    windows10_x64
  • resource
    win10-en-20210920
  • submitted
    29-10-2021 08:20

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    AsyncClient.exe

  • Size

    45KB

  • MD5

    d4b8b8cfd3b479a8138cd750c58a7c82

  • SHA1

    b96aa9a15e4076786b16edfef4b3a92d289a3cad

  • SHA256

    1490f6303a675ded86c22841f87868c6f0867e922671e0426f499e46a72060d2

  • SHA512

    388654ac3e7c550b1a350efab96d8c9f30450a02edfa3d91a902e915a4bdaee26d628ed2cd3f6dfbb9601ccf0a2feb0b06f098562ae384e88abbb3a05b9d1978

Score
10/10
asyncratratsuricata

Malware Config

Signatures

  • AsyncRat

    AsyncRAT is designed to remotely monitor and control other computers.

    ratasyncrat
  • suricata: ET MALWARE Observed Malicious SSL Cert (AsyncRAT Server)

    suricata: ET MALWARE Observed Malicious SSL Cert (AsyncRAT Server)

    suricata
  • Suspicious use of AdjustPrivilegeToken 1 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\AsyncClient.exe
    "C:\Users\Admin\AppData\Local\Temp\AsyncClient.exe"
    1⤵
    • Suspicious use of AdjustPrivilegeToken
    PID:3132

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

  • memory/3132-115-0x0000000000AF0000-0x0000000000AF1000-memory.dmp
    Filesize

    4KB

    Download
  • memory/3132-117-0x00000000053C0000-0x00000000053C1000-memory.dmp
    Filesize

    4KB

    Download
  • memory/3132-118-0x0000000005B40000-0x0000000005B41000-memory.dmp
    Filesize

    4KB

    Download
  • memory/3132-119-0x00000000060E0000-0x00000000060E1000-memory.dmp
    Filesize

    4KB

    Download
  • memory/3132-120-0x0000000005BE0000-0x0000000005BE1000-memory.dmp
    Filesize

    4KB

    Download