asyncrat | 81688b5e5a6893b2d7cc3a6456e6b8401718aae3e73927a228bad87dde6f0ea0

Analysis

max time kernel
143s
max time network
146s
platform
windows10-1703_x64
resource
win10-20220812-en
resource tags

arch:x64arch:x86image:win10-20220812-enlocale:en-usos:windows10-1703-x64system
submitted
29-09-2022 18:00

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

reasyncdh.exe
Size

45KB
MD5

939a8ed97530b18e3cf20de5f75c75e3
SHA1

856ce101688ad33f88e250a902a1a91ca4234cc6
SHA256

81688b5e5a6893b2d7cc3a6456e6b8401718aae3e73927a228bad87dde6f0ea0
SHA512

2d750495f90edd14908bf8a838f77cf913cd92a6017129c88c0375a858907b7e78a2559fd2c002be55d75e0cc7081d98dd1892c9eaeb0306afb82a9b3bf547fe
SSDEEP

768:DuScq5TAYGTqWU8j+zmo2qL+Zolyc4PIXjjbegX3iKIWFZdStq3ZIUbmABDZDx:DuScq5TA5c2dWFXHbhXSBWFZso7dDx

Score

10^/10

asyncrat default rat

Malware Config

Extracted

Family

asyncrat

Version

0.5.7B

Botnet

Default

petersonsherian7.duckdns.org:6739

petersonsherian7.duckdns.org:7301

petersonsherian7.duckdns.org:7808

petersonsherian7.duckdns.org:8333

Mutex

AsyncMutex_6SI8OkPnk

Attributes

delay
3
install
false
install_folder
%AppData%

aes.plain

Signatures

AsyncRat
AsyncRAT is designed to remotely monitor and control other computers.
rat asyncrat

Async RAT payload 1 IoCs

rat

Processes:

resource	yara_rule
behavioral2/memory/2688-146-0x0000000000C80000-0x0000000000C92000-memory.dmp	asyncrat

Suspicious use of AdjustPrivilegeToken 1 IoCs

Processes:

reasyncdh.exe

description pid process

Token: SeDebugPrivilege 2688 reasyncdh.exe

description	pid	process
Token: SeDebugPrivilege	2688	reasyncdh.exe

C:\Users\Admin\AppData\Local\Temp\reasyncdh.exe
"C:\Users\Admin\AppData\Local\Temp\reasyncdh.exe"
1⤵
- Suspicious use of AdjustPrivilegeToken
PID:2688

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/2688-115-0x00000000774C0000-0x000000007764E000-memory.dmp

Filesize
1.6MB

Download
memory/2688-116-0x00000000774C0000-0x000000007764E000-memory.dmp

Filesize
1.6MB

Download
memory/2688-117-0x00000000774C0000-0x000000007764E000-memory.dmp

Filesize
1.6MB

Download
memory/2688-118-0x00000000774C0000-0x000000007764E000-memory.dmp

Filesize
1.6MB

Download
memory/2688-119-0x00000000774C0000-0x000000007764E000-memory.dmp

Filesize
1.6MB

Download
memory/2688-120-0x00000000774C0000-0x000000007764E000-memory.dmp

Filesize
1.6MB

Download
memory/2688-121-0x00000000774C0000-0x000000007764E000-memory.dmp

Filesize
1.6MB

Download
memory/2688-122-0x00000000774C0000-0x000000007764E000-memory.dmp

Filesize
1.6MB

Download
memory/2688-123-0x00000000774C0000-0x000000007764E000-memory.dmp

Filesize
1.6MB

Download
memory/2688-124-0x00000000774C0000-0x000000007764E000-memory.dmp

Filesize
1.6MB

Download
memory/2688-125-0x00000000774C0000-0x000000007764E000-memory.dmp

Filesize
1.6MB

Download
memory/2688-126-0x00000000774C0000-0x000000007764E000-memory.dmp

Filesize
1.6MB

Download
memory/2688-127-0x00000000774C0000-0x000000007764E000-memory.dmp

Filesize
1.6MB

Download
memory/2688-128-0x00000000774C0000-0x000000007764E000-memory.dmp

Filesize
1.6MB

Download
memory/2688-129-0x00000000774C0000-0x000000007764E000-memory.dmp

Filesize
1.6MB

Download
memory/2688-130-0x00000000774C0000-0x000000007764E000-memory.dmp

Filesize
1.6MB

Download
memory/2688-131-0x00000000774C0000-0x000000007764E000-memory.dmp

Filesize
1.6MB

Download
memory/2688-132-0x00000000774C0000-0x000000007764E000-memory.dmp

Filesize
1.6MB

Download
memory/2688-133-0x00000000774C0000-0x000000007764E000-memory.dmp

Filesize
1.6MB

Download
memory/2688-134-0x00000000774C0000-0x000000007764E000-memory.dmp

Filesize
1.6MB

Download
memory/2688-135-0x00000000774C0000-0x000000007764E000-memory.dmp

Filesize
1.6MB

Download
memory/2688-136-0x00000000774C0000-0x000000007764E000-memory.dmp

Filesize
1.6MB

Download
memory/2688-137-0x00000000774C0000-0x000000007764E000-memory.dmp

Filesize
1.6MB

Download
memory/2688-138-0x00000000774C0000-0x000000007764E000-memory.dmp

Filesize
1.6MB

Download
memory/2688-139-0x00000000774C0000-0x000000007764E000-memory.dmp

Filesize
1.6MB

Download
memory/2688-140-0x00000000774C0000-0x000000007764E000-memory.dmp

Filesize
1.6MB

Download
memory/2688-141-0x00000000774C0000-0x000000007764E000-memory.dmp

Filesize
1.6MB

Download
memory/2688-142-0x00000000774C0000-0x000000007764E000-memory.dmp

Filesize
1.6MB

Download
memory/2688-143-0x00000000774C0000-0x000000007764E000-memory.dmp

Filesize
1.6MB

Download
memory/2688-144-0x00000000774C0000-0x000000007764E000-memory.dmp

Filesize
1.6MB

Download
memory/2688-145-0x00000000774C0000-0x000000007764E000-memory.dmp

Filesize
1.6MB

Download
memory/2688-146-0x0000000000C80000-0x0000000000C92000-memory.dmp

Filesize
72KB

Download
memory/2688-147-0x00000000774C0000-0x000000007764E000-memory.dmp

Filesize
1.6MB

Download
memory/2688-148-0x00000000774C0000-0x000000007764E000-memory.dmp

Filesize
1.6MB

Download
memory/2688-149-0x00000000774C0000-0x000000007764E000-memory.dmp

Filesize
1.6MB

Download
memory/2688-150-0x00000000774C0000-0x000000007764E000-memory.dmp

Filesize
1.6MB

Download
memory/2688-151-0x00000000774C0000-0x000000007764E000-memory.dmp

Filesize
1.6MB

Download
memory/2688-152-0x00000000774C0000-0x000000007764E000-memory.dmp

Filesize
1.6MB

Download
memory/2688-153-0x00000000774C0000-0x000000007764E000-memory.dmp

Filesize
1.6MB

Download
memory/2688-154-0x00000000774C0000-0x000000007764E000-memory.dmp

Filesize
1.6MB

Download
memory/2688-155-0x00000000774C0000-0x000000007764E000-memory.dmp

Filesize
1.6MB

Download
memory/2688-156-0x00000000774C0000-0x000000007764E000-memory.dmp

Filesize
1.6MB

Download
memory/2688-157-0x00000000774C0000-0x000000007764E000-memory.dmp

Filesize
1.6MB

Download
memory/2688-158-0x00000000774C0000-0x000000007764E000-memory.dmp

Filesize
1.6MB

Download
memory/2688-159-0x00000000774C0000-0x000000007764E000-memory.dmp

Filesize
1.6MB

Download
memory/2688-160-0x00000000774C0000-0x000000007764E000-memory.dmp

Filesize
1.6MB

Download
memory/2688-161-0x00000000774C0000-0x000000007764E000-memory.dmp

Filesize
1.6MB

Download
memory/2688-162-0x00000000774C0000-0x000000007764E000-memory.dmp

Filesize
1.6MB

Download
memory/2688-163-0x00000000774C0000-0x000000007764E000-memory.dmp

Filesize
1.6MB

Download
memory/2688-164-0x00000000774C0000-0x000000007764E000-memory.dmp

Filesize
1.6MB

Download
memory/2688-165-0x00000000774C0000-0x000000007764E000-memory.dmp

Filesize
1.6MB

Download
memory/2688-166-0x00000000774C0000-0x000000007764E000-memory.dmp

Filesize
1.6MB

Download
memory/2688-167-0x00000000774C0000-0x000000007764E000-memory.dmp

Filesize
1.6MB

Download
memory/2688-168-0x00000000774C0000-0x000000007764E000-memory.dmp

Filesize
1.6MB

Download
memory/2688-169-0x00000000774C0000-0x000000007764E000-memory.dmp

Filesize
1.6MB

Download
memory/2688-170-0x00000000774C0000-0x000000007764E000-memory.dmp

Filesize
1.6MB

Download
memory/2688-171-0x00000000774C0000-0x000000007764E000-memory.dmp

Filesize
1.6MB

Download
memory/2688-172-0x00000000774C0000-0x000000007764E000-memory.dmp

Filesize
1.6MB

Download
memory/2688-173-0x00000000774C0000-0x000000007764E000-memory.dmp

Filesize
1.6MB

Download
memory/2688-174-0x00000000774C0000-0x000000007764E000-memory.dmp

Filesize
1.6MB

Download
memory/2688-175-0x00000000774C0000-0x000000007764E000-memory.dmp

Filesize
1.6MB

Download
memory/2688-176-0x00000000774C0000-0x000000007764E000-memory.dmp

Filesize
1.6MB

Download
memory/2688-177-0x00000000774C0000-0x000000007764E000-memory.dmp

Filesize
1.6MB

Download
memory/2688-178-0x00000000774C0000-0x000000007764E000-memory.dmp

Filesize
1.6MB

Download
memory/2688-179-0x00000000774C0000-0x000000007764E000-memory.dmp

Filesize
1.6MB

Download
memory/2688-189-0x0000000005DD0000-0x0000000005E6C000-memory.dmp

Filesize
624KB

Download
memory/2688-190-0x0000000006370000-0x000000000686E000-memory.dmp

Filesize
5.0MB

Download
memory/2688-191-0x0000000005EE0000-0x0000000005F46000-memory.dmp

Filesize
408KB

Download