asyncrat | aea1e7906f7c4c8736efd398ccb819a6739058ee2e0ee87cac29ac72d764ec29

Analysis

max time kernel
119s
max time network
124s
platform
windows10-2004_x64
resource
win10v2004-20230220-en
resource tags

arch:x64arch:x86image:win10v2004-20230220-enlocale:en-usos:windows10-2004-x64system
submitted
26-03-2023 12:20

Target

AsyncRAT v0.5.7B/AsyncRAT.exe
Size

6.4MB
MD5

36e71813a30b96f64943eb8cea2c52ec
SHA1

838f8938ff5f6e2daa8975bbd2af3e785bf4cd8b
SHA256

bb1f2c2c9b279790b67eaea6ab0bbce3a4d4432bbe1bd716750f2f9ba3337f7e
SHA512

953bc81e1f6c27763f84a1599cd92e3f30aed9217589b4c47bd0ca802df7ceff903e14f87a96f2247cde8e8ed0ebfa3dbd840abb6c243b798cc0a19791296b85
SSDEEP

98304:pKbPmDVa3VxobFOPN5xXhAqin130T+SrpC6xJJ33Je2mCrPkwy0hyv:I7aItPN5htinQfBHJDNscEv

Score

10^/10

asyncrat rat

AsyncRat
AsyncRAT is designed to remotely monitor and control other computers written in C#.
rat asyncrat

Async RAT payload 1 IoCs

rat

Processes:

resource	yara_rule
behavioral2/memory/2188-133-0x000001A5327B0000-0x000001A532E16000-memory.dmp	asyncrat

Suspicious behavior: EnumeratesProcesses 26 IoCs

Processes:

AsyncRAT.exe

Suspicious behavior: GetForegroundWindowSpam 1 IoCs

Processes:

AsyncRAT.exe

pid process

2188 AsyncRAT.exe

Suspicious use of FindShellTrayWindow 43 IoCs

Processes:

AsyncRAT.exe

Suspicious use of SendNotifyMessage 2 IoCs

Processes:

AsyncRAT.exe

pid process

2188 AsyncRAT.exe
2188 AsyncRAT.exe

C:\Windows\system32\wbem\WmiApSrv.exe
C:\Windows\system32\wbem\WmiApSrv.exe
1⤵
PID:4932

memory/2188-133-0x000001A5327B0000-0x000001A532E16000-memory.dmp

Filesize
6.4MB

Download
memory/2188-134-0x000001A54D280000-0x000001A54D290000-memory.dmp

Filesize
64KB

Download
memory/2188-135-0x000001A54E4B0000-0x000001A54E4BA000-memory.dmp

Filesize
40KB

Download
memory/2188-136-0x000001A54D280000-0x000001A54D290000-memory.dmp

Filesize
64KB

Download
memory/2188-137-0x000001A54D280000-0x000001A54D290000-memory.dmp

Filesize
64KB

Download
memory/2188-138-0x000001A54D280000-0x000001A54D290000-memory.dmp

Filesize
64KB

Download
memory/2188-139-0x000001A550C20000-0x000001A550C32000-memory.dmp

Filesize
72KB

Download
memory/2188-141-0x000001A54D280000-0x000001A54D290000-memory.dmp

Filesize
64KB

Download
memory/2188-140-0x000001A54D280000-0x000001A54D290000-memory.dmp

Filesize
64KB

Download
memory/2188-151-0x000001A54D280000-0x000001A54D290000-memory.dmp

Filesize
64KB

Download
memory/2188-152-0x000001A54D280000-0x000001A54D290000-memory.dmp

Filesize
64KB

Download