Malware Analysis Report

2025-08-06 03:44

Sample ID 230501-hlan7aef74
Target 1192-55-0x0000000028060000-0x0000000028072000-memory.dmp
SHA256 b07ae0238af6bcb22b3b9d10c5fda6eef590c2316bb79bb65eb4ecd4af3496c9
Tags
asyncrat default rat
score
10/10

Table of Contents

Analysis Overview

MITRE ATT&CK

Analysis: static1

Detonation Overview

Signatures

Analysis: behavioral1

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral2

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis Overview

score
10/10

SHA256

b07ae0238af6bcb22b3b9d10c5fda6eef590c2316bb79bb65eb4ecd4af3496c9

Threat Level: Known bad

The file 1192-55-0x0000000028060000-0x0000000028072000-memory.dmp was found to be: Known bad. The submitted file is itself a memory dump (a region 0x28060000-0x28072000 carved from PID 1192 in an earlier run), i.e. the unpacked in-memory payload rather than an original dropper; the sandbox wraps it as an .exe for detonation, which is why the command lines below end in -memory.exe.

Malicious Activity Summary

asyncrat default rat

AsyncRat

Async RAT payload

Asyncrat family

Unsigned PE

Suspicious use of AdjustPrivilegeToken

MITRE ATT&CK

N/A

Analysis: static1

Detonation Overview

Reported

2023-05-01 06:48

Signatures

Async RAT payload

rat
Description | Indicator | Process | Target
N/A | N/A | N/A | N/A

Asyncrat family

asyncrat

Unsigned PE

Description | Indicator | Process | Target
N/A | N/A | N/A | N/A

Analysis: behavioral1

Detonation Overview

Submitted

2023-05-01 06:48

Reported

2023-05-01 06:51

Platform

win7-20230220-en

Max time kernel

31s

Max time network

149s

Command Line

"C:\Users\Admin\AppData\Local\Temp\1192-55-0x0000000028060000-0x0000000028072000-memory.exe"

Signatures

AsyncRat

rat asyncrat

Async RAT payload

rat
Description | Indicator | Process | Target
N/A | N/A | N/A | N/A

Suspicious use of AdjustPrivilegeToken

Description | Indicator | Process | Target
Token: SeDebugPrivilege | N/A | C:\Users\Admin\AppData\Local\Temp\1192-55-0x0000000028060000-0x0000000028072000-memory.exe | N/A

Processes

C:\Users\Admin\AppData\Local\Temp\1192-55-0x0000000028060000-0x0000000028072000-memory.exe

"C:\Users\Admin\AppData\Local\Temp\1192-55-0x0000000028060000-0x0000000028072000-memory.exe"

Network

Country | Destination | Domain | Proto
US | 45.81.243.217:8808 | | tcp

Files

memory/1996-54-0x0000000000ED0000-0x0000000000EE2000-memory.dmp

memory/1996-55-0x0000000000540000-0x0000000000580000-memory.dmp

memory/1996-73-0x0000000000540000-0x0000000000580000-memory.dmp

Analysis: behavioral2

Detonation Overview

Submitted

2023-05-01 06:48

Reported

2023-05-01 06:51

Platform

win10v2004-20230220-en

Max time kernel

100s

Max time network

151s

Command Line

"C:\Users\Admin\AppData\Local\Temp\1192-55-0x0000000028060000-0x0000000028072000-memory.exe"

Signatures

AsyncRat

rat asyncrat

Async RAT payload

rat
Description | Indicator | Process | Target
N/A | N/A | N/A | N/A

Suspicious use of AdjustPrivilegeToken

Description | Indicator | Process | Target
Token: SeDebugPrivilege | N/A | C:\Users\Admin\AppData\Local\Temp\1192-55-0x0000000028060000-0x0000000028072000-memory.exe | N/A
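The AdjustPrivilegeToken signature above records the sample enabling SeDebugPrivilege from a path under %LOCALAPPDATA%\Temp, a combination that is worth alerting on outside the sandbox as well. The Python below is an added example, not part of this report or of any sandbox product: it parses Windows Security event 4703 ("A user right was adjusted") records in the standard Event XML layout, reads the ProcessName and EnabledPrivilegeList fields of that event's schema, and flags SeDebugPrivilege being enabled by a process running from a user-writable directory. The event records, the directory list and the timestamps are constructed for illustration; only the first process path is copied from the command line in this report.

```python
"""Flag SeDebugPrivilege enablement by processes in user-writable paths (Security event 4703)."""
import re
import xml.etree.ElementTree as ET

NS = {"e": "http://schemas.microsoft.com/win/2004/08/events/event"}

# Directories from which a legitimate process should rarely need SeDebugPrivilege.
# Constructed allow/deny list for this example; tune it to the environment.
SUSPICIOUS_DIRS = (r"\appdata\local\temp", r"\appdata\roaming", r"\users\public", r"\programdata")

# Minimal Event XML skeleton with the 4703 EventData fields this detection needs.
EVENT_XML = """<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
  <System><EventID>{eid}</EventID><TimeCreated SystemTime="{ts}"/></System>
  <EventData>
    <Data Name="ProcessName">{proc}</Data>
    <Data Name="EnabledPrivilegeList">{enabled}</Data>
    <Data Name="DisabledPrivilegeList">{disabled}</Data>
  </EventData>
</Event>"""


def _event(eid, ts, proc, enabled, disabled="-"):
    return EVENT_XML.format(eid=eid, ts=ts, proc=proc, enabled=enabled, disabled=disabled)


# Constructed sample records (not from the report). Only the first path is the sandbox path above;
# the second is a benign system binary, the third enables a different privilege, the fourth enables
# two privileges (4703 separates them with newlines and tabs), the fifth has a non-4703 event ID.
SAMPLE_EVENTS = [
    _event(4703, "2023-05-01T06:49:02Z",
           r"C:\Users\Admin\AppData\Local\Temp\1192-55-0x0000000028060000-0x0000000028072000-memory.exe",
           "SeDebugPrivilege"),
    _event(4703, "2023-05-01T06:49:10Z", r"C:\Windows\System32\Taskmgr.exe", "SeDebugPrivilege"),
    _event(4703, "2023-05-01T06:49:15Z", r"C:\Users\Admin\AppData\Local\Temp\setup.exe", "SeShutdownPrivilege"),
    _event(4703, "2023-05-01T06:49:20Z", r"C:\Users\Public\svc.exe",
           "SeDebugPrivilege\r\n\t\t\tSeImpersonatePrivilege"),
    _event(4704, "2023-05-01T06:49:25Z", r"C:\Users\Admin\AppData\Local\Temp\setup.exe", "SeDebugPrivilege"),
]


def parse_event(xml_text):
    """Return a flat dict: event_id, time, plus every EventData field by its Name attribute."""
    root = ET.fromstring(xml_text)
    eid = int(root.find("e:System/e:EventID", NS).text)
    ts = root.find("e:System/e:TimeCreated", NS).get("SystemTime")
    data = {d.get("Name"): (d.text or "") for d in root.findall("e:EventData/e:Data", NS)}
    return {"event_id": eid, "time": ts, **data}


def enabled_privileges(event):
    """Split the whitespace-separated privilege list; '-' means none."""
    raw = event.get("EnabledPrivilegeList", "").strip()
    return {p for p in re.split(r"[\s,]+", raw) if p and p != "-"}


def is_suspicious_path(path):
    p = path.lower()
    return any(d in p for d in SUSPICIOUS_DIRS)


def detect(events):
    """Alert on 4703 records where SeDebugPrivilege is enabled from a user-writable directory."""
    alerts = []
    for ev in events:
        if ev["event_id"] != 4703:
            continue
        privs = enabled_privileges(ev)
        if "SeDebugPrivilege" not in privs or not is_suspicious_path(ev.get("ProcessName", "")):
            continue
        alerts.append({"time": ev["time"], "process": ev["ProcessName"], "privileges": sorted(privs)})
    return alerts


def run_detection():
    return detect(parse_event(x) for x in SAMPLE_EVENTS)


if __name__ == "__main__":
    for a in run_detection():
        print(a["time"], a["process"], ",".join(a["privileges"]))
```

The system-path exclusion is a deliberate trade-off: debuggers, Task Manager and EDR agents enable SeDebugPrivilege legitimately, so path is used as the discriminator rather than the privilege alone. Event 4703 is only generated when "Audit Token Right Adjusted" (Detailed Tracking) is enabled, so check that policy before relying on this rule.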

Processes

C:\Users\Admin\AppData\Local\Temp\1192-55-0x0000000028060000-0x0000000028072000-memory.exe

"C:\Users\Admin\AppData\Local\Temp\1192-55-0x0000000028060000-0x0000000028072000-memory.exe"

Network

Country | Destination | Domain | Proto
US | 8.8.8.8:53 | 232.168.11.51.in-addr.arpa | udp
US | 8.8.8.8:53 | 95.221.229.192.in-addr.arpa | udp
US | 45.81.243.217:8808 | | tcp
US | 8.8.8.8:53 | 217.243.81.45.in-addr.arpa | udp
US | 8.8.8.8:53 | 209.205.72.20.in-addr.arpa | udp
US | 8.8.8.8:53 | 149.220.183.52.in-addr.arpa | udp
US | 52.152.110.14:443 | | tcp
US | 52.152.110.14:443 | | tcp
US | 8.8.8.8:53 | 1.77.109.52.in-addr.arpa | udp
US | 8.8.8.8:53 | 1.208.79.178.in-addr.arpa | udp
US | 52.152.110.14:443 | | tcp
US | 8.8.8.8:53 | 157.123.68.40.in-addr.arpa | udp
US | 8.8.8.8:53 | 15.164.165.52.in-addr.arpa | udp
NL | 173.223.113.164:443 | | tcp

Only 45.81.243.217:8808 appears in both detonations, and the query for 217.243.81.45.in-addr.arpa is the reverse (PTR) lookup of that same address; 8808 is one of the ports the stock AsyncRAT builder fills in by default, consistent with the "default" tag on this sample. The Network table has no process column, so the remaining PTR queries and the connections to 52.152.110.14:443 and 173.223.113.164:443 are not attributed to the sample by this report, and none of them were observed in the Windows 7 run.
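To separate the sample's own traffic from the Windows 10 sandbox's background lookups, the script below (an added example, not part of this report or of the sandbox platform) takes the rows of the two Network tables above as embedded text, keeps the non-DNS TCP endpoints, intersects them across the two detonations, and decodes each in-addr.arpa name back to the address it is a reverse lookup for, so PTR queries can be matched against addresses that were actually contacted. The row layout (Country, Destination, optional Domain, Proto) is assumed from the tables as shown.

```python
"""Correlate sandbox network rows across detonations and decode in-addr.arpa PTR names."""
import ipaddress

# Rows copied from the two behavioral Network tables above, embedded as constructed input.
BEHAVIORAL1 = """\
US 45.81.243.217:8808 tcp
"""

BEHAVIORAL2 = """\
US 8.8.8.8:53 232.168.11.51.in-addr.arpa udp
US 8.8.8.8:53 95.221.229.192.in-addr.arpa udp
US 45.81.243.217:8808 tcp
US 8.8.8.8:53 217.243.81.45.in-addr.arpa udp
US 8.8.8.8:53 209.205.72.20.in-addr.arpa udp
US 8.8.8.8:53 149.220.183.52.in-addr.arpa udp
US 52.152.110.14:443 tcp
US 52.152.110.14:443 tcp
US 8.8.8.8:53 1.77.109.52.in-addr.arpa udp
US 8.8.8.8:53 1.208.79.178.in-addr.arpa udp
US 52.152.110.14:443 tcp
US 8.8.8.8:53 157.123.68.40.in-addr.arpa udp
US 8.8.8.8:53 15.164.165.52.in-addr.arpa udp
NL 173.223.113.164:443 tcp
"""


def parse_rows(table):
    """Parse 'Country Destination [Domain] Proto' lines; the Domain column may be absent."""
    rows = []
    for line in table.strip().splitlines():
        parts = line.split()
        if len(parts) not in (3, 4):
            raise ValueError(f"unexpected row: {line!r}")
        country, dest, proto = parts[0], parts[1], parts[-1]
        domain = parts[2] if len(parts) == 4 else ""
        ip, _, port = dest.rpartition(":")
        rows.append({"country": country, "ip": ip, "port": int(port), "domain": domain, "proto": proto})
    return rows


def ptr_to_ip(name):
    """'217.243.81.45.in-addr.arpa' -> '45.81.243.217'; None if not an IPv4 PTR name."""
    suffix = ".in-addr.arpa"
    if not name.endswith(suffix):
        return None
    octets = name[: -len(suffix)].split(".")
    if len(octets) != 4:
        return None
    try:
        return str(ipaddress.IPv4Address(".".join(reversed(octets))))
    except ipaddress.AddressValueError:
        return None


def direct_endpoints(rows):
    """ip:port pairs contacted over TCP, excluding DNS."""
    return {f"{r['ip']}:{r['port']}" for r in rows if r["proto"] == "tcp" and r["port"] != 53}


def correlate(run_tables):
    """Endpoints common to every run, plus PTR lookups split by whether their IP was contacted."""
    runs = [parse_rows(t) for t in run_tables]
    per_run = [direct_endpoints(r) for r in runs]
    common = set.intersection(*per_run) if per_run else set()
    contacted_ips = {e.rsplit(":", 1)[0] for s in per_run for e in s}
    matched, unmatched = {}, set()
    for rows in runs:
        for r in rows:
            ip = ptr_to_ip(r["domain"]) if r["domain"] else None
            if ip is None:
                continue
            if ip in contacted_ips:
                matched[r["domain"]] = ip
            else:
                unmatched.add(ip)
    return {"common": sorted(common), "ptr_matched": matched, "ptr_unmatched": sorted(unmatched)}


if __name__ == "__main__":
    result = correlate([BEHAVIORAL1, BEHAVIORAL2])
    print("common endpoints:", result["common"])
    print("PTR lookups of contacted addresses:", result["ptr_matched"])
    print("PTR lookups with no matching connection:", result["ptr_unmatched"])
```

The intersection is the useful output here: an endpoint present in both the Windows 7 and Windows 10 runs survives the platform-specific background noise, and a PTR query whose decoded address was also contacted directly is a second, independent sighting of the same C2.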

Files

memory/396-133-0x0000000000710000-0x0000000000722000-memory.dmp

memory/396-134-0x0000000005080000-0x0000000005090000-memory.dmp

memory/396-135-0x0000000005670000-0x000000000570C000-memory.dmp

memory/396-136-0x0000000005CC0000-0x0000000006264000-memory.dmp

memory/396-137-0x0000000005710000-0x0000000005776000-memory.dmp

memory/396-138-0x0000000005080000-0x0000000005090000-memory.dmp