asyncrat | c3f8df96d4515a89429a11ee022311b57ce350a39684f545b2ae66709922e926

Resubmissions

25-12-2022 18:55

221225-xkzz1sfb4v 10

25-12-2022 18:55

25-12-2022 18:54

25-12-2022 18:54

25-12-2022 18:40

17-12-2022 02:36

Analysis

max time kernel
28s
max time network
147s
platform
windows7_x64
resource
win7-20221111-en
resource tags

arch:x64arch:x86image:win7-20221111-enlocale:en-usos:windows7-x64system
submitted
17-12-2022 02:36

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

xmO81svvwHqA.exe
Size

45KB
MD5

13aa6f896a759ea1c3e595f580934aec
SHA1

0ab85e31162fdbac0b80a92dd26bd44cc10858f8
SHA256

c3f8df96d4515a89429a11ee022311b57ce350a39684f545b2ae66709922e926
SHA512

153c36ed766e6442869c23e3ba2e313bce652b3dbd3bf148528b37879375a043750e93d3baafbc83cbda60d759cc3a6c3107d860b24794070511c5f402dd984b
SSDEEP

768:Pu/6ZTgoiziWUUM9rmo2qrjO5QyJ4PiNjPISzjbwgX3ibGfjHiuuYoIBDZrx:Pu/6ZTgle2IO52iKS3b3XSCjCundrx

Score

10^/10

asyncrat 12pjoa rat

Malware Config

Extracted

Family

asyncrat

Version

0.5.7B

Botnet

12PJOA

4Mekey.myftp.biz:6606

4Mekey.myftp.biz:7707

4Mekey.myftp.biz:8808

Mutex

AsyncMutex_6SI8OkPnk

Attributes

delay
3
install
false
install_folder
%AppData%

aes.plain

Signatures

AsyncRat
AsyncRAT is designed to remotely monitor and control other computers.
rat asyncrat

Async RAT payload 1 IoCs

rat

resource	yara_rule
behavioral1/memory/2000-54-0x0000000000230000-0x0000000000242000-memory.dmp	asyncrat

Suspicious use of AdjustPrivilegeToken 1 IoCs

description	pid	Process
Token: SeDebugPrivilege	2000	xmO81svvwHqA.exe

C:\Users\Admin\AppData\Local\Temp\xmO81svvwHqA.exe
"C:\Users\Admin\AppData\Local\Temp\xmO81svvwHqA.exe"
1⤵
- Suspicious use of AdjustPrivilegeToken
PID:2000

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/2000-54-0x0000000000230000-0x0000000000242000-memory.dmp

Filesize
72KB

Download
memory/2000-55-0x00000000767B1000-0x00000000767B3000-memory.dmp

Filesize
8KB

Download