asyncrat | 78b456a1aa4a53349336a991a107727c635bdbaa29ea6206964a28b781b19fd7

Analysis

max time kernel
196s
max time network
236s
platform
windows10-2004_x64
resource
win10v2004-20221111-en
resource tags

arch:x64arch:x86image:win10v2004-20221111-enlocale:en-usos:windows10-2004-x64system
submitted
30-11-2022 15:57

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

78b456a1aa4a53349336a991a107727c635bdbaa29ea6206964a28b781b19fd7.exe
Size

550KB
MD5

a9da9c7246874c63c7ffe6eb591b0df2
SHA1

074659f935fec38036899d3fa862292f347c732e
SHA256

78b456a1aa4a53349336a991a107727c635bdbaa29ea6206964a28b781b19fd7
SHA512

4ae8db88e5bfec1f6a5008e003e72d21d00467161bd60674055a938a5775c9ee909a269a949713fa9cf2fd9476234a651279f57107ac5ac8f91fd2703607df07
SSDEEP

12288:2ucUSPMxbcHmoOYQhqs2VUlmA0VdYVxK:SU8MxYHTQhqs2T

Score

10^/10

asyncrat rat

Malware Config

Signatures

AsyncRat
AsyncRAT is designed to remotely monitor and control other computers.
rat asyncrat

Modifies registry class 5 IoCs

Processes:

78b456a1aa4a53349336a991a107727c635bdbaa29ea6206964a28b781b19fd7.exe

description	ioc	process
Key created	\REGISTRY\USER\S-1-5-21-4246620582-653642754-1174164128-1000_Classes\CID\{44005700-5200-5000-3100-540056005A00}	78b456a1aa4a53349336a991a107727c635bdbaa29ea6206964a28b781b19fd7.exe
Key created	\REGISTRY\USER\S-1-5-21-4246620582-653642754-1174164128-1000_Classes\CID	78b456a1aa4a53349336a991a107727c635bdbaa29ea6206964a28b781b19fd7.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-4246620582-653642754-1174164128-1000_Classes\CID\{44005700-5200-5000-3100-540056005A00}\1 = "bwQPdHLU60iz0rhkB76polXjM0judUYXrsxC+i23AspF9Mw/xakGLY5Gkr9T6NRNiOBbDrBcKpXxYRMFNlYQJOr8tXmWeo++7D7CQrQBQc7MVfq7CSLjS9yJH503oEP6Te1iRJst64wWPWW8uTYyHCgz/zTqr8N0lbeCaSEO/GR61sOkXLs3uK1dT/VJMKPxmL4LboxUveyyX0zVcCVYCiIk3TzBsS7lFfW+x+2Km06O7l5/kHI3xsUgiqK2PFw8bs0RSvLycAP0ALgZgf8OliNwnJWP2au7NWzZD1lFywFiSv9Meqw6vE6XBCY3wB6EB3cySoprM4DE46pPWmTShfv5Yg6U3L73nkG7YB6jw9BkFWh1nCHJvMZfLknIuRV/2lfGVGVxVqqHAQu9rja1MJq4081drrfJuNrlCbUwbUtrB+MsgqFoLvQy3Y07QCz6cZR/fGa8WwSJu1N/JlTDog=="	78b456a1aa4a53349336a991a107727c635bdbaa29ea6206964a28b781b19fd7.exe
Key created	\REGISTRY\USER\S-1-5-21-4246620582-653642754-1174164128-1000_Classes\CID\{61005900-2F00-4600-4F00-390053003900}	78b456a1aa4a53349336a991a107727c635bdbaa29ea6206964a28b781b19fd7.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-4246620582-653642754-1174164128-1000_Classes\CID\{61005900-2F00-4600-4F00-390053003900}\1 = "NsDFMuCKvevrVRw8KMDTJPAkg+42OVrP5JEy537wz4PHtCLFPOZ36+/Af7biLdInBrATl4k1vvffJ54iJeb8QNhEWe0djgjYA0BJdkv1gueZXI/6K7KhG1jafmoNxJzvVAwr2JJ8nH7XyU/SfDi7Jz/d2SfzBxn4uGT68HGKVy0gQIhJwFiO+7/JRhI/EQj2"	78b456a1aa4a53349336a991a107727c635bdbaa29ea6206964a28b781b19fd7.exe

NTFS ADS 6 IoCs

Processes:

78b456a1aa4a53349336a991a107727c635bdbaa29ea6206964a28b781b19fd7.exe

description	ioc	process
File created	C:\Users\Admin\Documents\My Music:{44005700-5200-5000-3100-540056005A00}	78b456a1aa4a53349336a991a107727c635bdbaa29ea6206964a28b781b19fd7.exe
File created	C:\odt:{44005700-5200-5000-3100-540056005A00}	78b456a1aa4a53349336a991a107727c635bdbaa29ea6206964a28b781b19fd7.exe
File created	C:\Users\Admin\AppData\Local\Temp:{61005900-2F00-4600-4F00-390053003900}	78b456a1aa4a53349336a991a107727c635bdbaa29ea6206964a28b781b19fd7.exe
File created	C:\Users\Admin\Documents\My Music:{61005900-2F00-4600-4F00-390053003900}	78b456a1aa4a53349336a991a107727c635bdbaa29ea6206964a28b781b19fd7.exe
File created	C:\odt:{61005900-2F00-4600-4F00-390053003900}	78b456a1aa4a53349336a991a107727c635bdbaa29ea6206964a28b781b19fd7.exe
File created	C:\Users\Admin\AppData\Local\Temp:{44005700-5200-5000-3100-540056005A00}	78b456a1aa4a53349336a991a107727c635bdbaa29ea6206964a28b781b19fd7.exe

C:\Users\Admin\AppData\Local\Temp\78b456a1aa4a53349336a991a107727c635bdbaa29ea6206964a28b781b19fd7.exe
"C:\Users\Admin\AppData\Local\Temp\78b456a1aa4a53349336a991a107727c635bdbaa29ea6206964a28b781b19fd7.exe"
1⤵
- Modifies registry class
- NTFS ADS
PID:1704

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/1704-132-0x0000000000310000-0x00000000003A0000-memory.dmp

Filesize
576KB

Download
memory/1704-133-0x0000000005380000-0x0000000005998000-memory.dmp

Filesize
6.1MB

Download
memory/1704-134-0x0000000004E60000-0x0000000004EC6000-memory.dmp

Filesize
408KB

Download
memory/1704-135-0x0000000005A70000-0x0000000005B3E000-memory.dmp

Filesize
824KB

Download