asyncrat | 7bb432c0ac0cf65de6c795685a41b1478f9d979e2b05bd9c8fb11725f9942e01 | Triage

Analysis

max time kernel
159s
max time network
169s
platform
windows7_x64
resource
win7-20220715-en
resource tags

arch:x64arch:x86image:win7-20220715-enlocale:en-usos:windows7-x64system
submitted
10-08-2022 11:00

Sharing

Report Analysis Logs

General

Target

pack/AfDTM.exe
Size

47KB
MD5

81a1f53a7e0431c385b3537c9e86e9ca
SHA1

fee349b7f96843c91ed47a19f9aa2f58520ddb1c
SHA256

c47cc8f39a3d676895f1bbb92f94d50d5e5d20f7be816b76c09b08cef4d380a7
SHA512

626f5d74a98e3b8cc8f3be3ea7d5611918731a35331dad3603d18426cefd694e6d66b46fb277c46300792c3da930022fc6db28afb68a6e9e4d974a90c9e091c4

Score

10^/10

asyncrat default rat

Malware Config

Extracted

Family

asyncrat

Version

1.0.7

Botnet

Default

C2

192.168.1.4:8848

Mutex

DcRatMutex_qwqdanchun

Attributes

delay
1
install
false
install_folder
%AppData%

aes.plain

Signatures

AsyncRat
AsyncRAT is designed to remotely monitor and control other computers.
rat asyncrat

Async RAT payload 1 IoCs

Processes:

resource	yara_rule
behavioral15/memory/2024-54-0x0000000000C40000-0x0000000000C52000-memory.dmp	asyncrat

C:\Users\Admin\AppData\Local\Temp\pack\AfDTM.exe
"C:\Users\Admin\AppData\Local\Temp\pack\AfDTM.exe"
1⤵
PID:2024

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/2024-54-0x0000000000C40000-0x0000000000C52000-memory.dmp

Filesize
72KB

Download