asyncrat | d066567573edf4a8865b30c6fa19b5f782caac4f5543bcf0ee0b8add8c8ef82b

Analysis

max time kernel
150s
max time network
33s
platform
windows7_x64
resource
win7-20221111-en
resource tags

arch:x64arch:x86image:win7-20221111-enlocale:en-usos:windows7-x64system
submitted
29-01-2023 21:27

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

d066567573edf4a8865b30c6fa19b5f782caac4f5543bcf0ee0b8add8c8ef82b.exe
Size

390KB
MD5

ae9f09ac2801dcbd6012b5279273b590
SHA1

263d554177b94b79ab456124572e00600e19fa7d
SHA256

d066567573edf4a8865b30c6fa19b5f782caac4f5543bcf0ee0b8add8c8ef82b
SHA512

ed04ef4f92446bf587a926860aaee59b7927385f832e7ba9eef1a6428f648fecd94b16da48c3804fe6d432ef6239f630038cf7528bbe172122f64167eabc0e75
SSDEEP

12288:/GXyk1+aJsZzf86YL8EwwIXNGIzL8YT1:+ikoaJsZg6YLJSdf1

Score

10^/10

asyncrat default rat

Malware Config

Extracted

Family

asyncrat

Version

0.5.7B

Botnet

Default

127.0.0.1:81

Mutex

AsyncMutex_6SI8OkPnk

Attributes

delay
3
install
false
install_folder
%AppData%

aes.plain

Signatures

AsyncRat
AsyncRAT is designed to remotely monitor and control other computers.
rat asyncrat

Async RAT payload 1 IoCs

rat

Processes:

resource	yara_rule
behavioral1/memory/944-56-0x0000000000550000-0x0000000000562000-memory.dmp	asyncrat

Modifies registry class 5 IoCs

Processes:

d066567573edf4a8865b30c6fa19b5f782caac4f5543bcf0ee0b8add8c8ef82b.exe

description	ioc	process
Key created	\REGISTRY\USER\S-1-5-21-3385717845-2518323428-350143044-1000_CLASSES\CID\{63004100-5700-5A00-6E00-630069006C00}	d066567573edf4a8865b30c6fa19b5f782caac4f5543bcf0ee0b8add8c8ef82b.exe
Key created	\REGISTRY\USER\S-1-5-21-3385717845-2518323428-350143044-1000_CLASSES\CID	d066567573edf4a8865b30c6fa19b5f782caac4f5543bcf0ee0b8add8c8ef82b.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3385717845-2518323428-350143044-1000_CLASSES\CID\{63004100-5700-5A00-6E00-630069006C00}\1 = "MNf0Yy49451orla+c0GDaTY+zFf0VE1nlfiyp0kmNNMh0xFrxAyI4uQsjoH5bWiujCCOSbowf1oNKPxKcXdNYi19x8jWUvdemTwC2iVDtCPVIZS0dji17rPTL+Z9E4AxZrIAVhlH33QbPmzRNHgbpOim6C+YXqXwhoEUKfaUifzL/0eCGSrPz8druezOOKqwv/BI9AEGQrOlZuBGUPHozXE+4CZ97A2qrY0QVQWcB6ZYrgnZUYj5uZdXzw02vlgaIQQmM/upjEx9jxfUXCIBawm8f3t57Om6TEcjWfC/k82rQEVycamqF1uibXmVFnbY4u8H9B2hH0p3N6v8KTaL/6/wLmXhIusd342IVaJ0JLUat2mu5sRr17I5AC7EsGER05q1rEOva9owwzMPI0fQdF7P1QxMhnzjtad3JJdvzAtqMuHG7sG12qSYWVBzjLobMPcDhZdhdnnrdD2YfuiExQ=="	d066567573edf4a8865b30c6fa19b5f782caac4f5543bcf0ee0b8add8c8ef82b.exe
Key created	\REGISTRY\USER\S-1-5-21-3385717845-2518323428-350143044-1000_CLASSES\CID\{49007000-3200-3500-4800-7A0045004E00}	d066567573edf4a8865b30c6fa19b5f782caac4f5543bcf0ee0b8add8c8ef82b.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3385717845-2518323428-350143044-1000_CLASSES\CID\{49007000-3200-3500-4800-7A0045004E00}\1 = "wrdGAVlUfAJ0VuYt6OVTjqvKZekr3LNO2fIv45OSkWFPgH3lEWWSIHu07puKBFRiXZ2WnJ7foY2JDOnjCHtSIoDRtKN2+NABHgve/fT5jRAhhq5knOPEmvPuLz9w4p10E1v3UrTRp+DJNMZOc+t6Zk3xG4SaVH6oFmnyc5bMX6MUTWDP3UglQ5Txtv0KJL5t"	d066567573edf4a8865b30c6fa19b5f782caac4f5543bcf0ee0b8add8c8ef82b.exe

NTFS ADS 6 IoCs

Processes:

d066567573edf4a8865b30c6fa19b5f782caac4f5543bcf0ee0b8add8c8ef82b.exe

description	ioc	process
File created	C:\Users\Admin\AppData\Local\Temp:{63004100-5700-5A00-6E00-630069006C00}	d066567573edf4a8865b30c6fa19b5f782caac4f5543bcf0ee0b8add8c8ef82b.exe
File created	C:\Users\Admin\Documents\My Music:{63004100-5700-5A00-6E00-630069006C00}	d066567573edf4a8865b30c6fa19b5f782caac4f5543bcf0ee0b8add8c8ef82b.exe
File created	C:\MSOCache:{63004100-5700-5A00-6E00-630069006C00}	d066567573edf4a8865b30c6fa19b5f782caac4f5543bcf0ee0b8add8c8ef82b.exe
File created	C:\Users\Admin\AppData\Local\Temp:{49007000-3200-3500-4800-7A0045004E00}	d066567573edf4a8865b30c6fa19b5f782caac4f5543bcf0ee0b8add8c8ef82b.exe
File created	C:\Users\Admin\Documents\My Music:{49007000-3200-3500-4800-7A0045004E00}	d066567573edf4a8865b30c6fa19b5f782caac4f5543bcf0ee0b8add8c8ef82b.exe
File created	C:\MSOCache:{49007000-3200-3500-4800-7A0045004E00}	d066567573edf4a8865b30c6fa19b5f782caac4f5543bcf0ee0b8add8c8ef82b.exe

C:\Users\Admin\AppData\Local\Temp\d066567573edf4a8865b30c6fa19b5f782caac4f5543bcf0ee0b8add8c8ef82b.exe
"C:\Users\Admin\AppData\Local\Temp\d066567573edf4a8865b30c6fa19b5f782caac4f5543bcf0ee0b8add8c8ef82b.exe"
1⤵
- Modifies registry class
- NTFS ADS
PID:944

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/944-54-0x0000000000150000-0x00000000001BA000-memory.dmp

Filesize
424KB

Download
memory/944-55-0x0000000076411000-0x0000000076413000-memory.dmp

Filesize
8KB

Download
memory/944-56-0x0000000000550000-0x0000000000562000-memory.dmp

Filesize
72KB

Download