asyncrat | 19fbd654e6dc76fc4a55bbc3c5dccc866d654c1609f8b72a130bd687d11f6198

Resubmissions

26-11-2022 09:08

26-11-2022 09:06

26-11-2022 08:56

max time kernel
43s
max time network
151s
platform
windows7_x64
resource
win7-20220812-en
resource tags

arch:x64arch:x86image:win7-20220812-enlocale:en-usos:windows7-x64system
submitted
26-11-2022 08:56

Target

2dee6cc5f17ee1ec0c242ed80d7915d9.exe
Size

51KB
MD5

2dee6cc5f17ee1ec0c242ed80d7915d9
SHA1

bb1dd0e46e91c777d09bbbb2836a8f4f353776f3
SHA256

19fbd654e6dc76fc4a55bbc3c5dccc866d654c1609f8b72a130bd687d11f6198
SHA512

3a85dc2828b049aa9a2fe3f81f4e4a328f32fb9f848e7bf146f03ff326cf045fce4a0f72d2c263e3fe4d1dc27dc1389acefde961b092171715f7e6f8388ea9cc
SSDEEP

768:rVLY/OU+8FdcmRdH70KbyMka++wo79EbJISuFh177jbfgQKiqNAKMHSaReyx:rVLY/OUfV08YbJIdnboQlqNApFReyx

Score

10^/10

Family

asyncrat

Version

| Edit 3LOSH RAT

Botnet

New Crypt

aboreda.linkpc.net:6666

Mutex

AsyncMutex_6SI8OkPnk

Attributes

aes.plain

AsyncRat
AsyncRAT is designed to remotely monitor and control other computers.
rat asyncrat

Async RAT payload 1 IoCs

rat

Processes:

resource	yara_rule
behavioral1/memory/1208-54-0x0000000000CA0000-0x0000000000CB2000-memory.dmp	asyncrat

Suspicious use of AdjustPrivilegeToken 1 IoCs

Processes:

2dee6cc5f17ee1ec0c242ed80d7915d9.exe

description pid process

Token: SeDebugPrivilege 1208 2dee6cc5f17ee1ec0c242ed80d7915d9.exe

description	pid	process
Token: SeDebugPrivilege	1208	2dee6cc5f17ee1ec0c242ed80d7915d9.exe

C:\Users\Admin\AppData\Local\Temp\2dee6cc5f17ee1ec0c242ed80d7915d9.exe
"C:\Users\Admin\AppData\Local\Temp\2dee6cc5f17ee1ec0c242ed80d7915d9.exe"
1⤵
- Suspicious use of AdjustPrivilegeToken
PID:1208

memory/1208-54-0x0000000000CA0000-0x0000000000CB2000-memory.dmp

Filesize
72KB

Download
memory/1208-55-0x0000000075D01000-0x0000000075D03000-memory.dmp

Filesize
8KB

Download