asyncrat | c6d336fca46844aaa8105be5e84673f8b738613056960fb11a6680f6bea559c1

Analysis

max time kernel
149s
max time network
46s
platform
windows7_x64
resource
win7-20220901-en
resource tags

arch:x64arch:x86image:win7-20220901-enlocale:en-usos:windows7-x64system
submitted
29-01-2023 21:27

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

c6d336fca46844aaa8105be5e84673f8b738613056960fb11a6680f6bea559c1.exe
Size

436KB
MD5

5a4761887b5e583d5df6ed4a70941ff3
SHA1

de2d44b2768444e1245dcebce95f1c79da85e1d1
SHA256

c6d336fca46844aaa8105be5e84673f8b738613056960fb11a6680f6bea559c1
SHA512

e02acc99fbce1b93c6b2b7f8aade3ac43974670bc3d0141c1e47933a2b543b71b9a4b2987af1aa29759d3016dfe2c32066b7c3301e74e07e344cc2a6ffe7cda9
SSDEEP

6144:gBm3Tz5vkrsuiIBElglMoJEJEkHeSNpkyPp/DsoR4ieJo5Rwz7cZuBIKb:fxmDi5mlM+hkHeh6p/wokJo5RzuBX

Score

10^/10

asyncrat default rat

Malware Config

Extracted

Family

asyncrat

Version

0.5.7B

Botnet

Default

127.0.0.1:82

Mutex

AsyncMutex_6SI8OkPnk

Attributes

delay
3
install
false
install_folder
%AppData%

aes.plain

Signatures

AsyncRat
AsyncRAT is designed to remotely monitor and control other computers.
rat asyncrat

Async RAT payload 1 IoCs

rat

Processes:

resource	yara_rule
behavioral1/memory/956-56-0x00000000004D0000-0x00000000004E2000-memory.dmp	asyncrat

Modifies registry class 5 IoCs

Processes:

c6d336fca46844aaa8105be5e84673f8b738613056960fb11a6680f6bea559c1.exe

description	ioc	process
Set value (str)	\REGISTRY\USER\S-1-5-21-4063495947-34355257-727531523-1000_CLASSES\CID\{56005900-7700-2B00-6100-36002F004900}\1 = "MdzTYajs5wSm19JfnDZF3T6raiBV1a93RuM+YWnH7ys7a1N7kynBgJlus7HJajWX/lD9ftwJQFFspMSY2KqRhnBvAMCp35Tl3U3aJddrgrvv+YVGUaCyLQlWbmEcuDPb+nYJsJRyx384jGvExfC1baumMivyKTZ7F5GGf4iJHyMhDvG2GRgPpSemUkItfZEo8v+eCT1WjhLSiEMImDvC983SN+owxGUrkV3l/IDNxFNlPvg+/uph9M+widrd3SvmFTQvkb6Isd2mc/fMf25eTk4CkvUQ6OD0HU1S/MVwGDxrmMxvCxhOgSg0I1Ov+ilstrhQ7pvCOLUcd2Jm75zISEj6C0f8BJLEqNS/FbVMt8pcw3nWlYEiZTluw4YdYqaaPr3s68bTV4Hu3NBLE0NEQKFqD9cSoZ1PMGDx116jixfQy8xl/G7mOciMhLAGx4XocpcJCbVOacfTeB9zrc4hog=="	c6d336fca46844aaa8105be5e84673f8b738613056960fb11a6680f6bea559c1.exe
Key created	\REGISTRY\USER\S-1-5-21-4063495947-34355257-727531523-1000_CLASSES\CID\{6C006B00-6F00-4F00-6200-68006A007400}	c6d336fca46844aaa8105be5e84673f8b738613056960fb11a6680f6bea559c1.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-4063495947-34355257-727531523-1000_CLASSES\CID\{6C006B00-6F00-4F00-6200-68006A007400}\1 = "JdMVCqAvPyE/7mnUFPJ+N+F8SFQ0V8NQmaUJ9PlXv7S1K0TWOIMgRuRyH1tYVxFsIU03Vbp75DJWqXfBWPuvIC6/9X0339eJHAXWnHsGDduG9n+xTE+qJrysNjh7AjltULC3pUl3KFo/YAyA8eiEvO6/Gr1rER59/i8Jxp/nXbFOUsNzANqU0z60+RUt5eoX"	c6d336fca46844aaa8105be5e84673f8b738613056960fb11a6680f6bea559c1.exe
Key created	\REGISTRY\USER\S-1-5-21-4063495947-34355257-727531523-1000_CLASSES\CID\{56005900-7700-2B00-6100-36002F004900}	c6d336fca46844aaa8105be5e84673f8b738613056960fb11a6680f6bea559c1.exe
Key created	\REGISTRY\USER\S-1-5-21-4063495947-34355257-727531523-1000_CLASSES\CID	c6d336fca46844aaa8105be5e84673f8b738613056960fb11a6680f6bea559c1.exe

NTFS ADS 6 IoCs

Processes:

c6d336fca46844aaa8105be5e84673f8b738613056960fb11a6680f6bea559c1.exe

description	ioc	process
File created	C:\Users\Admin\AppData\Local\Temp:{56005900-7700-2B00-6100-36002F004900}	c6d336fca46844aaa8105be5e84673f8b738613056960fb11a6680f6bea559c1.exe
File created	C:\Users\Admin\Documents\My Music:{56005900-7700-2B00-6100-36002F004900}	c6d336fca46844aaa8105be5e84673f8b738613056960fb11a6680f6bea559c1.exe
File created	C:\MSOCache:{56005900-7700-2B00-6100-36002F004900}	c6d336fca46844aaa8105be5e84673f8b738613056960fb11a6680f6bea559c1.exe
File created	C:\Users\Admin\AppData\Local\Temp:{6C006B00-6F00-4F00-6200-68006A007400}	c6d336fca46844aaa8105be5e84673f8b738613056960fb11a6680f6bea559c1.exe
File created	C:\Users\Admin\Documents\My Music:{6C006B00-6F00-4F00-6200-68006A007400}	c6d336fca46844aaa8105be5e84673f8b738613056960fb11a6680f6bea559c1.exe
File created	C:\MSOCache:{6C006B00-6F00-4F00-6200-68006A007400}	c6d336fca46844aaa8105be5e84673f8b738613056960fb11a6680f6bea559c1.exe

C:\Users\Admin\AppData\Local\Temp\c6d336fca46844aaa8105be5e84673f8b738613056960fb11a6680f6bea559c1.exe
"C:\Users\Admin\AppData\Local\Temp\c6d336fca46844aaa8105be5e84673f8b738613056960fb11a6680f6bea559c1.exe"
1⤵
- Modifies registry class
- NTFS ADS
PID:956

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/956-54-0x0000000000FF0000-0x0000000001066000-memory.dmp

Filesize
472KB

Download
memory/956-55-0x0000000076561000-0x0000000076563000-memory.dmp

Filesize
8KB

Download
memory/956-56-0x00000000004D0000-0x00000000004E2000-memory.dmp

Filesize
72KB

Download