asyncrat | 55023584cad284f8c24be6d43ad6c551c08754bf2ed23e9e34b15b5d9df42582

Analysis

max time kernel
119s
max time network
149s
platform
windows7_x64
resource
win7-20230831-en
resource tags

arch:x64arch:x86image:win7-20230831-enlocale:en-usos:windows7-x64system
submitted
04/09/2023, 09:09 UTC

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

bPyj.exe
Size

47KB
MD5

3d368131608f322b6483637db18a1828
SHA1

6eefb2bdd93843af11fb69bc0979b593e499a480
SHA256

55023584cad284f8c24be6d43ad6c551c08754bf2ed23e9e34b15b5d9df42582
SHA512

49244e80ce12314342982e3e2bd71b17dd817c09bd106135f3b2ca4ac84c5867ef35b02e8a5faf0e8915d2c29b338d08a73f2e21785102ac766d579815e320a4
SSDEEP

768:wq+s3pUtDILNCCa+DikFZdgrcqis+8YbLgeCcmPCM8vEgK/J3ZVc6KN:wq+AGtQOkirUzb08mPCfnkJ3ZVclN

Score

10^/10

asyncrat vbs09 rat

Malware Config

Extracted

Family

asyncrat

Version

1.0.7

Botnet

VBS09

4Mekey.myftp.biz:8848

Mutex

DcRatMutex_qwqdanchun

Attributes

delay
1
install
false
install_folder
%AppData%

aes.plain

1
XGsbVSivB5UxIo2BLrawapjXnCIiyjfo

Signatures

AsyncRat
AsyncRAT is designed to remotely monitor and control other computers written in C#.
rat asyncrat

Async RAT payload 1 IoCs

rat

resource	yara_rule
behavioral1/memory/2376-0-0x0000000000A10000-0x0000000000A22000-memory.dmp	asyncrat

Suspicious use of AdjustPrivilegeToken 1 IoCs

description	pid	Process
Token: SeDebugPrivilege	2376	bPyj.exe

C:\Users\Admin\AppData\Local\Temp\bPyj.exe
"C:\Users\Admin\AppData\Local\Temp\bPyj.exe"
1⤵
- Suspicious use of AdjustPrivilegeToken
PID:2376

Network

DNS

4Mekey.myftp.biz

bPyj.exe

Remote address:

8.8.8.8:53

Request

4Mekey.myftp.biz

IN A

Response

4Mekey.myftp.biz

IN A

198.23.212.148

198.23.212.148:8848

4Mekey.myftp.biz

tls

bPyj.exe

6.6kB
6.7kB
69
71

8.8.8.8:53

4Mekey.myftp.biz

dns

bPyj.exe

62 B
78 B
1
1

DNS Request

4Mekey.myftp.biz

DNS Response

198.23.212.148

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\Cab35C2.tmp

Filesize
61KB

MD5
f3441b8572aae8801c04f3060b550443

SHA1
4ef0a35436125d6821831ef36c28ffaf196cda15

SHA256
6720349e7d82ee0a8e73920d3c2b7cb2912d9fcf2edb6fd98f2f12820158b0bf

SHA512
5ba01ba421b50030e380ae6bbcd2f681f2a91947fe7fedb3c8e6b5f24dce9517abf57b1cf26cc6078d4bb53bde6fcfb2561591337c841f8f2cb121a3d71661b9

Download Submit
memory/2376-0-0x0000000000A10000-0x0000000000A22000-memory.dmp

Filesize
72KB

Download
memory/2376-1-0x000007FEF5FE0000-0x000007FEF69CC000-memory.dmp

Filesize
9.9MB

Download
memory/2376-2-0x000000001B1B0000-0x000000001B230000-memory.dmp

Filesize
512KB

Download
memory/2376-19-0x000007FEF5FE0000-0x000007FEF69CC000-memory.dmp

Filesize
9.9MB

Download
memory/2376-20-0x000000001B1B0000-0x000000001B230000-memory.dmp

Filesize
512KB

Download