asyncrat | 4dcd2aad08421c015385dbf0362c4a7d8b19965ab76286bf54544cd2911c9c38

Analysis

max time kernel
145s
max time network
33s
platform
windows7_x64
resource
win7-20221111-en
resource tags

arch:x64arch:x86image:win7-20221111-enlocale:en-usos:windows7-x64system
submitted
29-01-2023 21:29

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

4dcd2aad08421c015385dbf0362c4a7d8b19965ab76286bf54544cd2911c9c38.exe
Size

439KB
MD5

2de9b06d5ebbb7a1377efd8905df7183
SHA1

a368b2ba8a490dcdb9bf9fd8708823f0965399ad
SHA256

4dcd2aad08421c015385dbf0362c4a7d8b19965ab76286bf54544cd2911c9c38
SHA512

f58302cd473f9eb8817fa5a5bf67f7a2256c8a80fe1f9677024cbf6ed2e155dec650600bea5147eb7cf1285c28a10af4503bb0331993f96d08f027491195abb8
SSDEEP

6144:9i8kNiu6bDTdNRd/CThYY1x8er3nknxUyQ8FKWJoTDRWsFHOG/6x/sk:9iVHlkztFDJoTlWxGix/

Score

10^/10

asyncrat default rat

Malware Config

Extracted

Family

asyncrat

Version

0.5.7B

Botnet

Default

127.0.0.1:81

Mutex

AsyncMutex_6SI8OkPnk

Attributes

delay
3
install
false
install_folder
%AppData%

aes.plain

Signatures

AsyncRat
AsyncRAT is designed to remotely monitor and control other computers.
rat asyncrat

Async RAT payload 1 IoCs

rat

Processes:

resource	yara_rule
behavioral1/memory/2008-56-0x00000000008F0000-0x0000000000902000-memory.dmp	asyncrat

Modifies registry class 5 IoCs

Processes:

4dcd2aad08421c015385dbf0362c4a7d8b19965ab76286bf54544cd2911c9c38.exe

description	ioc	process
Key created	\REGISTRY\USER\S-1-5-21-3406023954-474543476-3319432036-1000_CLASSES\CID\{2B005300-3900-6100-6700-7A0036006900}	4dcd2aad08421c015385dbf0362c4a7d8b19965ab76286bf54544cd2911c9c38.exe
Key created	\REGISTRY\USER\S-1-5-21-3406023954-474543476-3319432036-1000_CLASSES\CID	4dcd2aad08421c015385dbf0362c4a7d8b19965ab76286bf54544cd2911c9c38.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3406023954-474543476-3319432036-1000_CLASSES\CID\{2B005300-3900-6100-6700-7A0036006900}\1 = "E5O8RMxnOqZ7p04XBm2vawxLi1zmg9XizCB6moiWD9GeLB2OURMS0NBiQQhvCpGDuj4wFrp23nl4mELgtDmvZk7tBRFbGBzmj6HsBg8BlTIEG76kmp96dHfUt3KYg/IOxX1YuP5ItW99dlW1pkPy6TFwpqYblk6yadw7evjh5abHPh0ZSkddFwkJ+r1frkPxK0Vf6VnWFv6sZr8TWzzk4xj/8i4LG1vyN5VO2zYQvHVgFLF0s/+ESTUkXHWf3b09vogHK/BTKgJO17gPqfJTf8czlIo+Yya7cJgT/PriqPDNWirrWnnnnVS/7W0hcU91C2n/KRfdCEP8S1fvKgXsuuU/7ch7yMCoPaL+iX4JzeyHAkvYpkAxyVvDBccZx3PP93EX5/K5Gu2bjxJ5qDOjSB0CpLh5EFLZsOsKceGAuUVXYYIqq5fQOKjH5843jp9VDroZgL/VA/OfV2J/5JQvHQ=="	4dcd2aad08421c015385dbf0362c4a7d8b19965ab76286bf54544cd2911c9c38.exe
Key created	\REGISTRY\USER\S-1-5-21-3406023954-474543476-3319432036-1000_CLASSES\CID\{56004B00-6300-7000-5300-440037002F00}	4dcd2aad08421c015385dbf0362c4a7d8b19965ab76286bf54544cd2911c9c38.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3406023954-474543476-3319432036-1000_CLASSES\CID\{56004B00-6300-7000-5300-440037002F00}\1 = "8Q0th+9i/0GsFKhwfJPynPTvRKtlyM/Kk2NOlCzjWnqNyJdxuvySnpR30VZb3q0VNILRy4rjGcPJuCb+JuObhgyOrfWiogRFSfjTAQLiy+q7bHwVhgCQIGh93x5LFYLKl3ahURFOL1ivDQEH/soDVzHFSMqYv5TwG/TzN171XjXcoRrdf0dNQYH89XjWM6tc"	4dcd2aad08421c015385dbf0362c4a7d8b19965ab76286bf54544cd2911c9c38.exe

NTFS ADS 6 IoCs

Processes:

4dcd2aad08421c015385dbf0362c4a7d8b19965ab76286bf54544cd2911c9c38.exe

description	ioc	process
File created	C:\MSOCache:{2B005300-3900-6100-6700-7A0036006900}	4dcd2aad08421c015385dbf0362c4a7d8b19965ab76286bf54544cd2911c9c38.exe
File created	C:\Users\Admin\AppData\Local\Temp:{56004B00-6300-7000-5300-440037002F00}	4dcd2aad08421c015385dbf0362c4a7d8b19965ab76286bf54544cd2911c9c38.exe
File created	C:\Users\Admin\Documents\My Music:{56004B00-6300-7000-5300-440037002F00}	4dcd2aad08421c015385dbf0362c4a7d8b19965ab76286bf54544cd2911c9c38.exe
File created	C:\MSOCache:{56004B00-6300-7000-5300-440037002F00}	4dcd2aad08421c015385dbf0362c4a7d8b19965ab76286bf54544cd2911c9c38.exe
File created	C:\Users\Admin\AppData\Local\Temp:{2B005300-3900-6100-6700-7A0036006900}	4dcd2aad08421c015385dbf0362c4a7d8b19965ab76286bf54544cd2911c9c38.exe
File created	C:\Users\Admin\Documents\My Music:{2B005300-3900-6100-6700-7A0036006900}	4dcd2aad08421c015385dbf0362c4a7d8b19965ab76286bf54544cd2911c9c38.exe

C:\Users\Admin\AppData\Local\Temp\4dcd2aad08421c015385dbf0362c4a7d8b19965ab76286bf54544cd2911c9c38.exe
"C:\Users\Admin\AppData\Local\Temp\4dcd2aad08421c015385dbf0362c4a7d8b19965ab76286bf54544cd2911c9c38.exe"
1⤵
- Modifies registry class
- NTFS ADS
PID:2008

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/2008-54-0x0000000000BD0000-0x0000000000C46000-memory.dmp

Filesize
472KB

Download
memory/2008-55-0x00000000760D1000-0x00000000760D3000-memory.dmp

Filesize
8KB

Download
memory/2008-56-0x00000000008F0000-0x0000000000902000-memory.dmp

Filesize
72KB

Download