asyncrat | 98155c900f39faac6a42133850329caabc8bf4ebcc90d5037f481aaa86c7240f

Analysis

max time kernel
148s
max time network
130s
platform
windows7_x64
resource
win7-20231020-en
resource tags

arch:x64arch:x86image:win7-20231020-enlocale:en-usos:windows7-x64system
submitted
21-10-2023 23:03

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

download-filearr.exe
Size

63KB
MD5

fb63ddb5e6b526c7bb1c0559995819ff
SHA1

7a142ffb48e65fd4ce71fafee8b75ba2c057f25a
SHA256

98155c900f39faac6a42133850329caabc8bf4ebcc90d5037f481aaa86c7240f
SHA512

ddb24a9091668be098ac5c4727351bb8d5e502aac4a42590d0cfeaa45991e7699b415d830270624a54e64487c010e4ea3c5d1310863e936f3ea4b4bd51c124a7
SSDEEP

1536:KTWI8rSfQ/9Tc1s21vGtoMbbPwb6TjxkscpqKmY7:KTWLrSY/d6thGuMbbPTjx73z

Score

10^/10

asyncrat default rat

Malware Config

Extracted

Family

asyncrat

Version

1.0.7

Botnet

Default

Mutex

DcRatMutex_qwqdanchun

Attributes

delay
1
install
false
install_file
svchost.exe
install_folder
%AppData%

aes.plain

Signatures

AsyncRat
AsyncRAT is designed to remotely monitor and control other computers written in C#.
rat asyncrat

Async RAT payload 1 IoCs

rat

resource	yara_rule
behavioral1/memory/2052-0-0x0000000000BA0000-0x0000000000BB6000-memory.dmp	asyncrat

Suspicious use of AdjustPrivilegeToken 2 IoCs

description	pid	Process
Token: SeDebugPrivilege	2052	download-filearr.exe
Token: SeDebugPrivilege	2052	download-filearr.exe

C:\Users\Admin\AppData\Local\Temp\download-filearr.exe
"C:\Users\Admin\AppData\Local\Temp\download-filearr.exe"
1⤵
- Suspicious use of AdjustPrivilegeToken
PID:2052

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/2052-0-0x0000000000BA0000-0x0000000000BB6000-memory.dmp

Filesize
88KB

Download
memory/2052-1-0x000007FEF5C20000-0x000007FEF660C000-memory.dmp

Filesize
9.9MB

Download
memory/2052-2-0x000000001AF40000-0x000000001AFC0000-memory.dmp

Filesize
512KB

Download
memory/2052-3-0x00000000775E0000-0x0000000077789000-memory.dmp

Filesize
1.7MB

Download
memory/2052-4-0x000007FEF5C20000-0x000007FEF660C000-memory.dmp

Filesize
9.9MB

Download
memory/2052-5-0x000000001AF40000-0x000000001AFC0000-memory.dmp

Filesize
512KB

Download
memory/2052-6-0x00000000775E0000-0x0000000077789000-memory.dmp

Filesize
1.7MB

Download

Analysis

Sharing

General

Malware Config

Extracted

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads