Overview

overview

10

Static

static

3

rat.exe

windows7-x64

7

rat.exe

windows10-2004-x64

10

Analysis

  • max time kernel
    50s
  • max time network
    38s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20230915-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20230915-enlocale:en-usos:windows10-2004-x64system
  • submitted
    21/10/2023, 15:25

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    rat.exe

  • Size

    512KB

  • MD5

    738c07f22ff7922d8fcff5ba6555dbb3

  • SHA1

    86a08e0cb6b92b08d358c75e47dd5325b4aba323

  • SHA256

    7a83115ab46ba6a3c237d78f32bd3386ff4d4d7cd7b06ad731fe8071b2246278

  • SHA512

    c49a900d0165f56cc513c6e4e6551a69f3b49c8c0a9719ac925c6004b69554540999d1f3c9d63c397564e6ec67bb65cc31fa6e0ff9c2685a325fea7c8c0868dd

  • SSDEEP

    3072:7HivS2XIxjLnBnbmOKIudTziZ3w2OAGzCZ44Lz/w:LxvnBJh+T63wZzCZ44Lzw

Score
10/10
asyncratdefaultratspywarestealer

Malware Config

Extracted

Family

asyncrat

Version

1.0.7

Botnet

Default

Mutex

DcRatMutex_qwqdanchun

Attributes
  • delay

    1

  • install

    false

  • install_file

    svchost.exe

  • install_folder

    %AppData%

aes.plain

Signatures

  • AsyncRat

    AsyncRAT is designed to remotely monitor and control other computers written in C#.

    ratasyncrat
  • Async RAT payload 1 IoCs
    rat
  • Reads user/profile data of web browsers 2 TTPs

    Infostealers often target stored browser data, which can include saved credentials etc.

    spywarestealer
  • Suspicious use of AdjustPrivilegeToken 2 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\rat.exe
    "C:\Users\Admin\AppData\Local\Temp\rat.exe"
    1⤵
    • Suspicious use of AdjustPrivilegeToken
    PID:1916

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • memory/1916-0-0x000001A79A600000-0x000001A79A64C000-memory.dmp

    Filesize

    304KB

    Download

  • memory/1916-1-0x000001A79C230000-0x000001A79C24C000-memory.dmp

    Filesize

    112KB

    Download

  • memory/1916-2-0x00007FF921F80000-0x00007FF922A41000-memory.dmp

    Filesize

    10.8MB

    Download

  • memory/1916-3-0x000001A7B4BB0000-0x000001A7B4BC0000-memory.dmp

    Filesize

    64KB

    Download

  • memory/1916-4-0x000001A7B4AC0000-0x000001A7B4AD2000-memory.dmp

    Filesize

    72KB

    Download

  • memory/1916-5-0x000001A7B4AE0000-0x000001A7B4AF6000-memory.dmp

    Filesize

    88KB

    Download

  • memory/1916-6-0x00007FF921F80000-0x00007FF922A41000-memory.dmp

    Filesize

    10.8MB

    Download

  • memory/1916-7-0x000001A7B4BB0000-0x000001A7B4BC0000-memory.dmp

    Filesize

    64KB

    Download

  • memory/1916-8-0x000001A7B4B00000-0x000001A7B4B16000-memory.dmp

    Filesize

    88KB

    Download