asyncrat | 7c3230c3dc2019632a2cdbe9957ffca4c4c9fd92d8aa703258e84e09d523f81a

Analysis

max time kernel
147s
max time network
46s
platform
windows7_x64
resource
win7-20220812-en
resource tags

arch:x64arch:x86image:win7-20220812-enlocale:en-usos:windows7-x64system
submitted
29-01-2023 21:28

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

7c3230c3dc2019632a2cdbe9957ffca4c4c9fd92d8aa703258e84e09d523f81a.exe
Size

422KB
MD5

56fa6c6dad1fd45f0a221bd90350ad93
SHA1

671dc326e0d8069b2ad9b1c5afd51aa5538be835
SHA256

7c3230c3dc2019632a2cdbe9957ffca4c4c9fd92d8aa703258e84e09d523f81a
SHA512

617b9e8124f0b4cca3cdf16d0d227b662ef83160df9c5269cedfe000940130b43fffceaa24efbd2d3d69961a62b5d904206b2b011d0e82f95b9efe1f1ff2d7be
SSDEEP

12288:lgGwvmTkgAGi/bhlZF8znTzVBE3Hx/EqjU:eGRHi//n8TTzfEx

Score

10^/10

asyncrat default rat

Malware Config

Extracted

Family

asyncrat

Version

0.5.7B

Botnet

Default

127.0.0.1:81

Mutex

AsyncMutex_6SI8OkPnk

Attributes

delay
3
install
false
install_folder
%AppData%

aes.plain

Signatures

AsyncRat
AsyncRAT is designed to remotely monitor and control other computers.
rat asyncrat

Async RAT payload 1 IoCs

rat

Processes:

resource	yara_rule
behavioral1/memory/1780-56-0x00000000004D0000-0x00000000004E2000-memory.dmp	asyncrat

Modifies registry class 5 IoCs

Processes:

7c3230c3dc2019632a2cdbe9957ffca4c4c9fd92d8aa703258e84e09d523f81a.exe

description	ioc	process
Key created	\REGISTRY\USER\S-1-5-21-2292972927-2705560509-2768824231-1000_CLASSES\CID\{7A004D00-4F00-7200-5700-6D0030003900}	7c3230c3dc2019632a2cdbe9957ffca4c4c9fd92d8aa703258e84e09d523f81a.exe
Key created	\REGISTRY\USER\S-1-5-21-2292972927-2705560509-2768824231-1000_CLASSES\CID	7c3230c3dc2019632a2cdbe9957ffca4c4c9fd92d8aa703258e84e09d523f81a.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2292972927-2705560509-2768824231-1000_CLASSES\CID\{7A004D00-4F00-7200-5700-6D0030003900}\1 = "YkJgr72M98HaFp37v3EQDs5YiM4T4E1fclJ5ZeIfHjU0TwROj5d7FJwUaB41Brws1HsXaIVraLbbo273cT1lCG0POez5kxDSKT9mNN8aLj1JE3yYxxxvc0/ZyGQLhZc+2KbAcoQb15pB2owdIGtN4R4bGCnovaP9pGqDN/QMmwJHc13dVOHvHn8e1iBXpa+AdJU4szGdv1a9YfmQTMoGxvWUpL1e/PSZTCn5qbagrIA6zEoQRfl7pwZ9K2IDOf4/KrUfuR1rxbEo7GlCor5QDdU9GMtQngV0c7jIZI3IQlnDOHxQ3oK+82jAyR6Nqcbhur/Tq01Qta+OyQ5pzX8XxLc00BTlDwJ6LTKv0rIr35EPvX7a0XJfWrayc0CcvCRiHl5KvhmiuolZr1DixdQ20W8kUpgl0+M/Rdv9O1qIs/nqcHQDd9qp8bHO706eI0HQe1yEh1inlFA0nryvxGfDPQ=="	7c3230c3dc2019632a2cdbe9957ffca4c4c9fd92d8aa703258e84e09d523f81a.exe
Key created	\REGISTRY\USER\S-1-5-21-2292972927-2705560509-2768824231-1000_CLASSES\CID\{74007900-6A00-3900-4500-6E0073006500}	7c3230c3dc2019632a2cdbe9957ffca4c4c9fd92d8aa703258e84e09d523f81a.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2292972927-2705560509-2768824231-1000_CLASSES\CID\{74007900-6A00-3900-4500-6E0073006500}\1 = "85xdR7OkApYJrTppSzWYw9bdaULBNDlzKEtmL9nsTk4aQ55etJ+VwQj6+XTFfA5ep77sYngF2clmA0obCn9MNSnpjTJnACa/hkKw1/C1HEi8PjlLm4DwC+db2L6on02IHtF+P9B+CgN865arVzdVdUWhdRa7b3o49uwOTLJ6H186VBGThfXka1BSEyKQwrVg"	7c3230c3dc2019632a2cdbe9957ffca4c4c9fd92d8aa703258e84e09d523f81a.exe

NTFS ADS 6 IoCs

Processes:

7c3230c3dc2019632a2cdbe9957ffca4c4c9fd92d8aa703258e84e09d523f81a.exe

description	ioc	process
File created	C:\MSOCache:{7A004D00-4F00-7200-5700-6D0030003900}	7c3230c3dc2019632a2cdbe9957ffca4c4c9fd92d8aa703258e84e09d523f81a.exe
File created	C:\Users\Admin\AppData\Local\Temp:{74007900-6A00-3900-4500-6E0073006500}	7c3230c3dc2019632a2cdbe9957ffca4c4c9fd92d8aa703258e84e09d523f81a.exe
File created	C:\Users\Admin\Documents\My Music:{74007900-6A00-3900-4500-6E0073006500}	7c3230c3dc2019632a2cdbe9957ffca4c4c9fd92d8aa703258e84e09d523f81a.exe
File created	C:\MSOCache:{74007900-6A00-3900-4500-6E0073006500}	7c3230c3dc2019632a2cdbe9957ffca4c4c9fd92d8aa703258e84e09d523f81a.exe
File created	C:\Users\Admin\AppData\Local\Temp:{7A004D00-4F00-7200-5700-6D0030003900}	7c3230c3dc2019632a2cdbe9957ffca4c4c9fd92d8aa703258e84e09d523f81a.exe
File created	C:\Users\Admin\Documents\My Music:{7A004D00-4F00-7200-5700-6D0030003900}	7c3230c3dc2019632a2cdbe9957ffca4c4c9fd92d8aa703258e84e09d523f81a.exe

C:\Users\Admin\AppData\Local\Temp\7c3230c3dc2019632a2cdbe9957ffca4c4c9fd92d8aa703258e84e09d523f81a.exe
"C:\Users\Admin\AppData\Local\Temp\7c3230c3dc2019632a2cdbe9957ffca4c4c9fd92d8aa703258e84e09d523f81a.exe"
1⤵
- Modifies registry class
- NTFS ADS
PID:1780

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/1780-54-0x00000000001C0000-0x0000000000232000-memory.dmp

Filesize
456KB

Download
memory/1780-55-0x00000000762F1000-0x00000000762F3000-memory.dmp

Filesize
8KB

Download
memory/1780-56-0x00000000004D0000-0x00000000004E2000-memory.dmp

Filesize
72KB

Download