asyncrat | c6d336fca46844aaa8105be5e84673f8b738613056960fb11a6680f6bea559c1

Analysis

max time kernel
147s
max time network
149s
platform
windows10-2004_x64
resource
win10v2004-20220812-en
resource tags

arch:x64arch:x86image:win10v2004-20220812-enlocale:en-usos:windows10-2004-x64system
submitted
29-01-2023 21:27

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

c6d336fca46844aaa8105be5e84673f8b738613056960fb11a6680f6bea559c1.exe
Size

436KB
MD5

5a4761887b5e583d5df6ed4a70941ff3
SHA1

de2d44b2768444e1245dcebce95f1c79da85e1d1
SHA256

c6d336fca46844aaa8105be5e84673f8b738613056960fb11a6680f6bea559c1
SHA512

e02acc99fbce1b93c6b2b7f8aade3ac43974670bc3d0141c1e47933a2b543b71b9a4b2987af1aa29759d3016dfe2c32066b7c3301e74e07e344cc2a6ffe7cda9
SSDEEP

6144:gBm3Tz5vkrsuiIBElglMoJEJEkHeSNpkyPp/DsoR4ieJo5Rwz7cZuBIKb:fxmDi5mlM+hkHeh6p/wokJo5RzuBX

Score

10^/10

asyncrat rat

Malware Config

Signatures

AsyncRat
AsyncRAT is designed to remotely monitor and control other computers.
rat asyncrat

Modifies registry class 5 IoCs

Processes:

c6d336fca46844aaa8105be5e84673f8b738613056960fb11a6680f6bea559c1.exe

description	ioc	process
Key created	\REGISTRY\USER\S-1-5-21-2629973501-4017243118-3254762364-1000_Classes\CID\{56005900-7700-2B00-6100-36002F004900}	c6d336fca46844aaa8105be5e84673f8b738613056960fb11a6680f6bea559c1.exe
Key created	\REGISTRY\USER\S-1-5-21-2629973501-4017243118-3254762364-1000_Classes\CID	c6d336fca46844aaa8105be5e84673f8b738613056960fb11a6680f6bea559c1.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2629973501-4017243118-3254762364-1000_Classes\CID\{56005900-7700-2B00-6100-36002F004900}\1 = "MdzTYajs5wSm19JfnDZF3T6raiBV1a93RuM+YWnH7ys7a1N7kynBgJlus7HJajWX/lD9ftwJQFFspMSY2KqRhnBvAMCp35Tl3U3aJddrgrvv+YVGUaCyLQlWbmEcuDPb+nYJsJRyx384jGvExfC1baumMivyKTZ7F5GGf4iJHyMhDvG2GRgPpSemUkItfZEo0uTpxkogk00HWUfyWg7ZsQogZHFpZCXcrPAGPpkL2at46JNcfzzJow5lLWYTFXO8bN+n1HUsGYcLcc4P42NbrzpriCrZmSZZVMIi4ooYLULjO4cy0PWS9jUJf7zo+58kxodTmDpPBNOrHjluhY0cBg1L7Hpi14mPNafmUQAFYs6d+MiAGIPix8WvejcMa0LiQxeuQXSPRus10KJ2IMhtMkaDqLSNo7DNB/DVIwpiOgn3D8BNrt6x6NdlwjJLhBuDQgrF0JdxK+flsVqYb5zuiw=="	c6d336fca46844aaa8105be5e84673f8b738613056960fb11a6680f6bea559c1.exe
Key created	\REGISTRY\USER\S-1-5-21-2629973501-4017243118-3254762364-1000_Classes\CID\{6C006B00-6F00-4F00-6200-68006A007400}	c6d336fca46844aaa8105be5e84673f8b738613056960fb11a6680f6bea559c1.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2629973501-4017243118-3254762364-1000_Classes\CID\{6C006B00-6F00-4F00-6200-68006A007400}\1 = "JdMVCqAvPyE/7mnUFPJ+N+F8SFQ0V8NQmaUJ9PlXv7S1K0TWOIMgRuRyH1tYVxFsIU03Vbp75DJWqXfBWPuvIC6/9X0339eJHAXWnHsGDduG9n+xTE+qJrysNjh7AjltULC3pUl3KFo/YAyA8eiEvO6/Gr1rER59/i8Jxp/nXbFOUsNzANqU0z60+RUt5eoX"	c6d336fca46844aaa8105be5e84673f8b738613056960fb11a6680f6bea559c1.exe

NTFS ADS 6 IoCs

Processes:

c6d336fca46844aaa8105be5e84673f8b738613056960fb11a6680f6bea559c1.exe

description	ioc	process
File created	C:\Users\Admin\AppData\Local\Temp:{56005900-7700-2B00-6100-36002F004900}	c6d336fca46844aaa8105be5e84673f8b738613056960fb11a6680f6bea559c1.exe
File created	C:\Users\Admin\Documents\My Music:{56005900-7700-2B00-6100-36002F004900}	c6d336fca46844aaa8105be5e84673f8b738613056960fb11a6680f6bea559c1.exe
File created	C:\odt:{56005900-7700-2B00-6100-36002F004900}	c6d336fca46844aaa8105be5e84673f8b738613056960fb11a6680f6bea559c1.exe
File created	C:\Users\Admin\AppData\Local\Temp:{6C006B00-6F00-4F00-6200-68006A007400}	c6d336fca46844aaa8105be5e84673f8b738613056960fb11a6680f6bea559c1.exe
File created	C:\Users\Admin\Documents\My Music:{6C006B00-6F00-4F00-6200-68006A007400}	c6d336fca46844aaa8105be5e84673f8b738613056960fb11a6680f6bea559c1.exe
File created	C:\odt:{6C006B00-6F00-4F00-6200-68006A007400}	c6d336fca46844aaa8105be5e84673f8b738613056960fb11a6680f6bea559c1.exe

C:\Users\Admin\AppData\Local\Temp\c6d336fca46844aaa8105be5e84673f8b738613056960fb11a6680f6bea559c1.exe
"C:\Users\Admin\AppData\Local\Temp\c6d336fca46844aaa8105be5e84673f8b738613056960fb11a6680f6bea559c1.exe"
1⤵
- Modifies registry class
- NTFS ADS
PID:2248

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/2248-132-0x0000000000370000-0x00000000003E6000-memory.dmp

Filesize
472KB

Download
memory/2248-133-0x00000000053D0000-0x00000000059E8000-memory.dmp

Filesize
6.1MB

Download
memory/2248-134-0x0000000004E70000-0x0000000004ED6000-memory.dmp

Filesize
408KB

Download
memory/2248-135-0x0000000005BC0000-0x0000000005C8E000-memory.dmp

Filesize
824KB

Download