Analysis

max time kernel: 93s
max time network: 145s
platform: windows10-2004_x64
resource: win10v2004-20220414-en
submitted: 05-07-2022 12:42

Behavioral task: behavioral1
Sample: AsyncClient_Stub.exe
Resource: win7-20220414-en
General

Target: AsyncClient_Stub.exe
Size: 50KB
MD5: f3a066bce69b45716edcb4c49028e05c
SHA1: c58693b2d10f4d151eb7951efbf040364cc047bb
SHA256: 82e92309f355dee038c9377df58d47aa2f9058d7db9d804e1c021a6e12d20883
SHA512: 81c166202020502b8991d6fbb91237110953491a7bcb952982fb4f2b9bc92da742ae34e13f3a3023322b4cbd26108ab6f9468071a61a339f6d97943ddd60f230
Malware Config

Extracted family: asyncrat (3LOSH RAT)
#_AVAST_#
C2 servers: (host:port list omitted)
Mutex: AsyncMutex_6SI8OkPnk
delay: 3
install: false
install_file: DesbravadorUpdata.exe
install_folder: %AppData%
Signatures

suricata: ET MALWARE Generic AsyncRAT Style SSL Cert
Async RAT payload (1 IoC)
Processes:
resource                                                               yara_rule
behavioral2/memory/3148-130-0x0000000000A60000-0x0000000000A72000-memory.dmp  asyncrat

Suspicious use of AdjustPrivilegeToken (1 IoC)
Processes:
description               pid   process
Token: SeDebugPrivilege   3148  AsyncClient_Stub.exe
Downloads

memory/3148-130-0x0000000000A60000-0x0000000000A72000-memory.dmp  (Filesize: 72KB)
memory/3148-131-0x0000000005C20000-0x0000000005CBC000-memory.dmp  (Filesize: 624KB)
memory/3148-132-0x0000000006270000-0x0000000006814000-memory.dmp  (Filesize: 5.6MB)
memory/3148-133-0x0000000005D30000-0x0000000005D96000-memory.dmp  (Filesize: 408KB)