asyncrat | 600465b5abd64472a5ce757f02c010e92b3e71516c87b2d610ff388a18b4eaea

Analysis

max time kernel
174s
max time network
177s
platform
windows10-2004_x64
resource
win10v2004-20221111-en
resource tags

arch:x64arch:x86image:win10v2004-20221111-enlocale:en-usos:windows10-2004-x64system
submitted
29-01-2023 21:29

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

600465b5abd64472a5ce757f02c010e92b3e71516c87b2d610ff388a18b4eaea.exe
Size

421KB
MD5

572f50eb7c7d94afced99b0c1b8724d8
SHA1

f349f7568e665b8615fd4269ad6a39475bf0d70f
SHA256

600465b5abd64472a5ce757f02c010e92b3e71516c87b2d610ff388a18b4eaea
SHA512

0f8c0637fb2517a48dd05a96c04c3115f74cfda48ac43bbc755611760086c4734bd61291eed02f30986a3cb118dd90240795ad62b21bdae544d96d532a4bfd81
SSDEEP

12288:5T3eW7l7FGiMbhsAAW6BTx+MnxvzsK3T:5Tn8iMeWijG

Score

10^/10

asyncrat rat

Malware Config

Signatures

AsyncRat
AsyncRAT is designed to remotely monitor and control other computers.
rat asyncrat

Modifies registry class 5 IoCs

Processes:

600465b5abd64472a5ce757f02c010e92b3e71516c87b2d610ff388a18b4eaea.exe

description	ioc	process
Key created	\REGISTRY\USER\S-1-5-21-2386679933-1492765628-3466841596-1000_Classes\CID\{7A004D00-4F00-7200-5700-6D0030003900}	600465b5abd64472a5ce757f02c010e92b3e71516c87b2d610ff388a18b4eaea.exe
Key created	\REGISTRY\USER\S-1-5-21-2386679933-1492765628-3466841596-1000_Classes\CID	600465b5abd64472a5ce757f02c010e92b3e71516c87b2d610ff388a18b4eaea.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2386679933-1492765628-3466841596-1000_Classes\CID\{7A004D00-4F00-7200-5700-6D0030003900}\1 = "YkJgr72M98HaFp37v3EQDs5YiM4T4E1fclJ5ZeIfHjU0TwROj5d7FJwUaB41Brws1HsXaIVraLbbo273cT1lCG0POez5kxDSKT9mNN8aLj1JE3yYxxxvc0/ZyGQLhZc+2KbAcoQb15pB2owdIGtN4R4bGCnovaP9pGqDN/QMmwJHc13dVOHvHn8e1iBXpa+A9U+wQrIYSyz1Wy8YF1vKHZtoyRexX4hUGBktHPLYVk6eWBExBMeUk+zKIM0tEyn9TrtZlveYjfzfmbfUS8RyHU1uRzeBQw1vCyvdc6MjPd2tnGnjZlMLp7vT+CpteFQIy3/ehhVzhWtR7S3L/2o1NO16jImin7UsXGXaUbHjFR4xG4ynTS6cg5ZEWmcWwuT2bFHHRz5whrEx6l7ViNcpJlsuSZKrixd2LFz2GDnndV9UzbxqGY3MjinSiIQF9sn86PJ3m5w7uxfhPxtj5Ns0Fg=="	600465b5abd64472a5ce757f02c010e92b3e71516c87b2d610ff388a18b4eaea.exe
Key created	\REGISTRY\USER\S-1-5-21-2386679933-1492765628-3466841596-1000_Classes\CID\{74007900-6A00-3900-4500-6E0073006500}	600465b5abd64472a5ce757f02c010e92b3e71516c87b2d610ff388a18b4eaea.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2386679933-1492765628-3466841596-1000_Classes\CID\{74007900-6A00-3900-4500-6E0073006500}\1 = "85xdR7OkApYJrTppSzWYw9bdaULBNDlzKEtmL9nsTk4aQ55etJ+VwQj6+XTFfA5ep77sYngF2clmA0obCn9MNSnpjTJnACa/hkKw1/C1HEi8PjlLm4DwC+db2L6on02IHtF+P9B+CgN865arVzdVdUWhdRa7b3o49uwOTLJ6H186VBGThfXka1BSEyKQwrVg"	600465b5abd64472a5ce757f02c010e92b3e71516c87b2d610ff388a18b4eaea.exe

NTFS ADS 6 IoCs

Processes:

600465b5abd64472a5ce757f02c010e92b3e71516c87b2d610ff388a18b4eaea.exe

description	ioc	process
File created	C:\Users\Admin\AppData\Local\Temp:{7A004D00-4F00-7200-5700-6D0030003900}	600465b5abd64472a5ce757f02c010e92b3e71516c87b2d610ff388a18b4eaea.exe
File created	C:\Users\Admin\Documents\My Music:{7A004D00-4F00-7200-5700-6D0030003900}	600465b5abd64472a5ce757f02c010e92b3e71516c87b2d610ff388a18b4eaea.exe
File created	C:\odt:{7A004D00-4F00-7200-5700-6D0030003900}	600465b5abd64472a5ce757f02c010e92b3e71516c87b2d610ff388a18b4eaea.exe
File created	C:\Users\Admin\AppData\Local\Temp:{74007900-6A00-3900-4500-6E0073006500}	600465b5abd64472a5ce757f02c010e92b3e71516c87b2d610ff388a18b4eaea.exe
File created	C:\Users\Admin\Documents\My Music:{74007900-6A00-3900-4500-6E0073006500}	600465b5abd64472a5ce757f02c010e92b3e71516c87b2d610ff388a18b4eaea.exe
File created	C:\odt:{74007900-6A00-3900-4500-6E0073006500}	600465b5abd64472a5ce757f02c010e92b3e71516c87b2d610ff388a18b4eaea.exe

C:\Users\Admin\AppData\Local\Temp\600465b5abd64472a5ce757f02c010e92b3e71516c87b2d610ff388a18b4eaea.exe
"C:\Users\Admin\AppData\Local\Temp\600465b5abd64472a5ce757f02c010e92b3e71516c87b2d610ff388a18b4eaea.exe"
1⤵
- Modifies registry class
- NTFS ADS
PID:4580

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/4580-132-0x0000000000D00000-0x0000000000D72000-memory.dmp

Filesize
456KB

Download
memory/4580-133-0x0000000005D60000-0x0000000006378000-memory.dmp

Filesize
6.1MB

Download
memory/4580-134-0x00000000057F0000-0x0000000005856000-memory.dmp

Filesize
408KB

Download
memory/4580-135-0x0000000006550000-0x000000000661E000-memory.dmp

Filesize
824KB

Download