asyncrat | 78b456a1aa4a53349336a991a107727c635bdbaa29ea6206964a28b781b19fd7

Analysis

max time kernel
161s
max time network
212s
platform
windows7_x64
resource
win7-20221111-en
resource tags

arch:x64arch:x86image:win7-20221111-enlocale:en-usos:windows7-x64system
submitted
30-11-2022 15:57

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

78b456a1aa4a53349336a991a107727c635bdbaa29ea6206964a28b781b19fd7.exe
Size

550KB
MD5

a9da9c7246874c63c7ffe6eb591b0df2
SHA1

074659f935fec38036899d3fa862292f347c732e
SHA256

78b456a1aa4a53349336a991a107727c635bdbaa29ea6206964a28b781b19fd7
SHA512

4ae8db88e5bfec1f6a5008e003e72d21d00467161bd60674055a938a5775c9ee909a269a949713fa9cf2fd9476234a651279f57107ac5ac8f91fd2703607df07
SSDEEP

12288:2ucUSPMxbcHmoOYQhqs2VUlmA0VdYVxK:SU8MxYHTQhqs2T

Score

10^/10

asyncrat default rat

Malware Config

Extracted

Family

asyncrat

Version

0.5.7B

Botnet

Default

195.174.142.168:4784

Mutex

AsyncMutex_6SI8OkPnk

Attributes

delay
3
install
false
install_folder
%AppData%

aes.plain

Signatures

AsyncRat
AsyncRAT is designed to remotely monitor and control other computers.
rat asyncrat

Async RAT payload 1 IoCs

rat

Processes:

resource	yara_rule
behavioral1/memory/868-56-0x0000000000650000-0x0000000000662000-memory.dmp	asyncrat

Modifies registry class 5 IoCs

Processes:

78b456a1aa4a53349336a991a107727c635bdbaa29ea6206964a28b781b19fd7.exe

description	ioc	process
Key created	\REGISTRY\USER\S-1-5-21-3406023954-474543476-3319432036-1000_CLASSES\CID\{44005700-5200-5000-3100-540056005A00}	78b456a1aa4a53349336a991a107727c635bdbaa29ea6206964a28b781b19fd7.exe
Key created	\REGISTRY\USER\S-1-5-21-3406023954-474543476-3319432036-1000_CLASSES\CID	78b456a1aa4a53349336a991a107727c635bdbaa29ea6206964a28b781b19fd7.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3406023954-474543476-3319432036-1000_CLASSES\CID\{44005700-5200-5000-3100-540056005A00}\1 = "bwQPdHLU60iz0rhkB76polXjM0judUYXrsxC+i23AspF9Mw/xakGLY5Gkr9T6NRNiOBbDrBcKpXxYRMFNlYQJOr8tXmWeo++7D7CQrQBQc7MVfq7CSLjS9yJH503oEP6Te1iRJst64wWPWW8uTYyHCgz/zTqr8N0lbeCaSEO/GR61sOkXLs3uK1dT/VJMKPxzuFf9d79GOD4LHTDJhXBQv/lUV4qMuvKK9d/4khnhhrtgwOXFYIG6HBtXib8MKeCOLcBV7aiso/xkb5gZBNnRzw6OrW/KVUVukuw4T8gx5zyrSZUnCv0n4ok579l9vNwfsx65xGQutX50jbBJr0wMVlt4QK/fWrW85vTDFZakVN7/lXch/XBp5hYB2xD4eWZi5QZmJxp43f6fxtKjOA/THg1Og5/E0TmmVMdMZVFFIOKePYH7tKOMHbuk3C3O4CMRXt7biiHyIYCCxgxjIBd+Q=="	78b456a1aa4a53349336a991a107727c635bdbaa29ea6206964a28b781b19fd7.exe
Key created	\REGISTRY\USER\S-1-5-21-3406023954-474543476-3319432036-1000_CLASSES\CID\{61005900-2F00-4600-4F00-390053003900}	78b456a1aa4a53349336a991a107727c635bdbaa29ea6206964a28b781b19fd7.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3406023954-474543476-3319432036-1000_CLASSES\CID\{61005900-2F00-4600-4F00-390053003900}\1 = "NsDFMuCKvevrVRw8KMDTJPAkg+42OVrP5JEy537wz4PHtCLFPOZ36+/Af7biLdInBrATl4k1vvffJ54iJeb8QNhEWe0djgjYA0BJdkv1gueZXI/6K7KhG1jafmoNxJzvVAwr2JJ8nH7XyU/SfDi7Jz/d2SfzBxn4uGT68HGKVy0gQIhJwFiO+7/JRhI/EQj2"	78b456a1aa4a53349336a991a107727c635bdbaa29ea6206964a28b781b19fd7.exe

NTFS ADS 6 IoCs

Processes:

78b456a1aa4a53349336a991a107727c635bdbaa29ea6206964a28b781b19fd7.exe

description	ioc	process
File created	C:\Users\Admin\AppData\Local\Temp:{44005700-5200-5000-3100-540056005A00}	78b456a1aa4a53349336a991a107727c635bdbaa29ea6206964a28b781b19fd7.exe
File created	C:\Users\Admin\Documents\My Music:{44005700-5200-5000-3100-540056005A00}	78b456a1aa4a53349336a991a107727c635bdbaa29ea6206964a28b781b19fd7.exe
File created	C:\MSOCache:{44005700-5200-5000-3100-540056005A00}	78b456a1aa4a53349336a991a107727c635bdbaa29ea6206964a28b781b19fd7.exe
File created	C:\Users\Admin\AppData\Local\Temp:{61005900-2F00-4600-4F00-390053003900}	78b456a1aa4a53349336a991a107727c635bdbaa29ea6206964a28b781b19fd7.exe
File created	C:\Users\Admin\Documents\My Music:{61005900-2F00-4600-4F00-390053003900}	78b456a1aa4a53349336a991a107727c635bdbaa29ea6206964a28b781b19fd7.exe
File created	C:\MSOCache:{61005900-2F00-4600-4F00-390053003900}	78b456a1aa4a53349336a991a107727c635bdbaa29ea6206964a28b781b19fd7.exe

C:\Users\Admin\AppData\Local\Temp\78b456a1aa4a53349336a991a107727c635bdbaa29ea6206964a28b781b19fd7.exe
"C:\Users\Admin\AppData\Local\Temp\78b456a1aa4a53349336a991a107727c635bdbaa29ea6206964a28b781b19fd7.exe"
1⤵
- Modifies registry class
- NTFS ADS
PID:868

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/868-54-0x00000000013E0000-0x0000000001470000-memory.dmp

Filesize
576KB

Download
memory/868-55-0x00000000760C1000-0x00000000760C3000-memory.dmp

Filesize
8KB

Download
memory/868-56-0x0000000000650000-0x0000000000662000-memory.dmp

Filesize
72KB

Download