asyncrat | fd240aa98faddeb1c59ecbf0caecb1449fb8aca2f187ef28db6729a41e9b03cf

Analysis

max time kernel
135s
max time network
151s
platform
windows10-1703_x64
resource
win10-20231020-en
resource tags

arch:x64arch:x86image:win10-20231020-enlocale:en-usos:windows10-1703-x64system
submitted
08-12-2023 07:15

Target

fd240aa98faddeb1c59ecbf0caecb1449fb8aca2f187ef28db6729a41e9b03cf.exe
Size

82KB
MD5

b650d8ff26e23317d9e2e7b634b89be2
SHA1

fdc2f4d5067d1e065e79756f37ba439a0a0a86b1
SHA256

fd240aa98faddeb1c59ecbf0caecb1449fb8aca2f187ef28db6729a41e9b03cf
SHA512

c0a11833921fd3793b426a1ef8d681ce514e51aec1f290f16035823bacb4700c1c9ee46390fb9142a83d6e0dd36586cf17a49066d88c28e706d8a62f98373eeb
SSDEEP

1536:OFVaxnTCdOnFO14Q8YcZUbTbxmtqE587/WlVE2f2L79fbqncY69:OFVahCUFO2YawRmN87/aVEZJqncT

Score

10^/10

asyncrat 441d rat

Family

asyncrat

Version

0.5.7B

Botnet

441d

88.248.18.120:33918

Mutex

sdf324

Attributes

aes.plain

AsyncRat
AsyncRAT is designed to remotely monitor and control other computers written in C#.
rat asyncrat

Async RAT payload 1 IoCs

rat

Processes:

resource	yara_rule
behavioral1/memory/4604-3-0x0000000000400000-0x0000000000412000-memory.dmp	asyncrat

Suspicious use of SetThreadContext 1 IoCs

Processes:

fd240aa98faddeb1c59ecbf0caecb1449fb8aca2f187ef28db6729a41e9b03cf.exe

description	pid	process	target process
PID 4496 set thread context of 4604	4496	fd240aa98faddeb1c59ecbf0caecb1449fb8aca2f187ef28db6729a41e9b03cf.exe	RegAsm.exe

Suspicious use of WriteProcessMemory 8 IoCs

Processes:

fd240aa98faddeb1c59ecbf0caecb1449fb8aca2f187ef28db6729a41e9b03cf.exe

description	pid	process	target process
PID 4496 wrote to memory of 4604	4496	fd240aa98faddeb1c59ecbf0caecb1449fb8aca2f187ef28db6729a41e9b03cf.exe	RegAsm.exe
PID 4496 wrote to memory of 4604	4496	fd240aa98faddeb1c59ecbf0caecb1449fb8aca2f187ef28db6729a41e9b03cf.exe	RegAsm.exe
PID 4496 wrote to memory of 4604	4496	fd240aa98faddeb1c59ecbf0caecb1449fb8aca2f187ef28db6729a41e9b03cf.exe	RegAsm.exe
PID 4496 wrote to memory of 4604	4496	fd240aa98faddeb1c59ecbf0caecb1449fb8aca2f187ef28db6729a41e9b03cf.exe	RegAsm.exe
PID 4496 wrote to memory of 4604	4496	fd240aa98faddeb1c59ecbf0caecb1449fb8aca2f187ef28db6729a41e9b03cf.exe	RegAsm.exe
PID 4496 wrote to memory of 4604	4496	fd240aa98faddeb1c59ecbf0caecb1449fb8aca2f187ef28db6729a41e9b03cf.exe	RegAsm.exe
PID 4496 wrote to memory of 4604	4496	fd240aa98faddeb1c59ecbf0caecb1449fb8aca2f187ef28db6729a41e9b03cf.exe	RegAsm.exe
PID 4496 wrote to memory of 4604	4496	fd240aa98faddeb1c59ecbf0caecb1449fb8aca2f187ef28db6729a41e9b03cf.exe	RegAsm.exe

memory/4496-1-0x0000000073550000-0x0000000073C3E000-memory.dmp

Filesize
6.9MB

Download
memory/4496-0-0x00000000008A0000-0x00000000008BA000-memory.dmp

Filesize
104KB

Download
memory/4496-2-0x0000000005140000-0x0000000005150000-memory.dmp

Filesize
64KB

Download
memory/4496-5-0x0000000073550000-0x0000000073C3E000-memory.dmp

Filesize
6.9MB

Download
memory/4604-3-0x0000000000400000-0x0000000000412000-memory.dmp

Filesize
72KB

Download
memory/4604-6-0x0000000073550000-0x0000000073C3E000-memory.dmp

Filesize
6.9MB

Download
memory/4604-7-0x0000000073550000-0x0000000073C3E000-memory.dmp

Filesize
6.9MB

Download