asyncrat | 322fc6cd95736358b1034043b92ff96ce8caeb1f3fd93a9ebfc276c237fd7634

Analysis

max time kernel
26s
max time network
34s
platform
windows7_x64
resource
win7-20230220-en
resource tags

arch:x64arch:x86image:win7-20230220-enlocale:en-usos:windows7-x64system
submitted
15/05/2023, 19:26

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

NVIDIA Container.exe
Size

68KB
MD5

fe1fb35eb4bd25f55a4f45b818de2c9f
SHA1

8a188fb0cedcbc7920e13ee47a7f9f127057aaa4
SHA256

322fc6cd95736358b1034043b92ff96ce8caeb1f3fd93a9ebfc276c237fd7634
SHA512

93387da7197b270c88f42002efec3ea93257595f15757cc7e153fd12dabcea5f4ac62234a01234aca0135e73c430c8863aa73ca485f209f579798a90bb2ff139
SSDEEP

1536:mJM1Tn8I8Q7vIh5wp0OP/iEGbbCw+KmL1GeyEoR+VclN:mJM1Tn8I8Q7e5wp0+/PGbbCBKmLyJkY

Score

10^/10

asyncrat default rat

Malware Config

Extracted

Family

asyncrat

Version

1.0.7

Botnet

Default

discordmod.duckdns.org:8848

Mutex

DcRatMutex_qwqdanchun

Attributes

delay
1
install
true
install_file
NVIDIA Container.exe
install_folder
%AppData%

aes.plain

Signatures

AsyncRat
AsyncRAT is designed to remotely monitor and control other computers written in C#.
rat asyncrat

Async RAT payload 1 IoCs

rat

resource	yara_rule
behavioral1/memory/1584-54-0x0000000001360000-0x0000000001378000-memory.dmp	asyncrat

Suspicious use of AdjustPrivilegeToken 20 IoCs

description	pid	Process
Token: SeIncreaseQuotaPrivilege	1584	NVIDIA Container.exe
Token: SeSecurityPrivilege	1584	NVIDIA Container.exe
Token: SeTakeOwnershipPrivilege	1584	NVIDIA Container.exe
Token: SeLoadDriverPrivilege	1584	NVIDIA Container.exe
Token: SeSystemProfilePrivilege	1584	NVIDIA Container.exe
Token: SeSystemtimePrivilege	1584	NVIDIA Container.exe
Token: SeProfSingleProcessPrivilege	1584	NVIDIA Container.exe
Token: SeIncBasePriorityPrivilege	1584	NVIDIA Container.exe
Token: SeCreatePagefilePrivilege	1584	NVIDIA Container.exe
Token: SeBackupPrivilege	1584	NVIDIA Container.exe
Token: SeRestorePrivilege	1584	NVIDIA Container.exe
Token: SeShutdownPrivilege	1584	NVIDIA Container.exe
Token: SeDebugPrivilege	1584	NVIDIA Container.exe
Token: SeSystemEnvironmentPrivilege	1584	NVIDIA Container.exe
Token: SeRemoteShutdownPrivilege	1584	NVIDIA Container.exe
Token: SeUndockPrivilege	1584	NVIDIA Container.exe
Token: SeManageVolumePrivilege	1584	NVIDIA Container.exe
Token: 33	1584	NVIDIA Container.exe
Token: 34	1584	NVIDIA Container.exe
Token: 35	1584	NVIDIA Container.exe

C:\Users\Admin\AppData\Local\Temp\NVIDIA Container.exe
"C:\Users\Admin\AppData\Local\Temp\NVIDIA Container.exe"
1⤵
- Suspicious use of AdjustPrivilegeToken
PID:1584

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/1584-54-0x0000000001360000-0x0000000001378000-memory.dmp

Filesize
96KB

Download
memory/1584-55-0x000000001B040000-0x000000001B0C0000-memory.dmp

Filesize
512KB

Download