asyncrat | 112bc23dbf145fb1c5c78e842b605a4da6202c9993114c7118fbdf902d6c7673 | Triage

Analysis

max time kernel
75s
max time network
143s
platform
windows10-2004_x64
resource
win10v2004-20220901-en
resource tags

arch:x64arch:x86image:win10v2004-20220901-enlocale:en-usos:windows10-2004-x64system
submitted
30-09-2022 18:08

Sharing

Report Analysis Logs

General

Target

bF3b.exe
Size

45KB
MD5

0a5956f7becedb614fb7fc192056f0c6
SHA1

1afa1a350707f41a114c0296ae53d7e0c24ed8c4
SHA256

112bc23dbf145fb1c5c78e842b605a4da6202c9993114c7118fbdf902d6c7673
SHA512

6032f3228cf07e7832687141535fef9c3ea3f17b50d3a87be6550a423af89bbfb6c6b5f4a4fc668525f96dd6e45c3c49310c544cca9ffd56a2c7971950ca6d86
SSDEEP

768:vuwCfTg46YbWUn8jjmo2qrDKjGKG6PIyzjbFgX3iqaUQUXtBDZSx:vuwCfTgp/2OKYDy3bCXStCdSx

Score

10^/10

asyncrat default rat

Malware Config

Extracted

Family

asyncrat

Version

0.5.7B

Botnet

Default

C2

0.tcp.ngrok.io:13857

Mutex

AsyncMutex_6SI8OkPnk

Attributes

delay
3
install
false
install_folder
%AppData%

aes.plain

Signatures

AsyncRat
AsyncRAT is designed to remotely monitor and control other computers.
rat asyncrat

Async RAT payload 1 IoCs

Processes:

resource	yara_rule
behavioral2/memory/4180-132-0x0000000000370000-0x0000000000382000-memory.dmp	asyncrat

Suspicious use of AdjustPrivilegeToken 1 IoCs

Processes:

bF3b.exe

description pid process

Token: SeDebugPrivilege 4180 bF3b.exe

C:\Users\Admin\AppData\Local\Temp\bF3b.exe
"C:\Users\Admin\AppData\Local\Temp\bF3b.exe"
1⤵
- Suspicious use of AdjustPrivilegeToken
PID:4180

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/4180-132-0x0000000000370000-0x0000000000382000-memory.dmp

Filesize
72KB

Download
memory/4180-133-0x0000000005680000-0x000000000571C000-memory.dmp

Filesize
624KB

Download
memory/4180-134-0x0000000005CD0000-0x0000000006274000-memory.dmp

Filesize
5.6MB

Download
memory/4180-135-0x0000000005790000-0x00000000057F6000-memory.dmp

Filesize
408KB

Download