asyncrat | 6d54fcbf8e77d62a42cb898c139586cdc30a022e3c6122746619c88c778fe499

Analysis

max time kernel
148s
max time network
123s
platform
windows7_x64
resource
win7-20231215-en
resource tags

arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
submitted
22/12/2023, 15:47

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

e052edd5f47c509205c54b76d2a6ad65.exe
Size

604KB
MD5

e052edd5f47c509205c54b76d2a6ad65
SHA1

6751051969eebbf1a1e55692c014d9b2de5a0299
SHA256

6d54fcbf8e77d62a42cb898c139586cdc30a022e3c6122746619c88c778fe499
SHA512

54333bd2a2ede843de91c63bc877c639a4b392ef17b02c365cb1601413248a28414e237f19a1b37588895a1839fe00a2636e19ae79573d2610fbb8543e3bbf79
SSDEEP

12288:zfeBIF3YGLnH3xBfboQfvEMB0fUDLoodsj2G5QhZz6HNv:CBIBYGjH3xGDUDcod4uZzG

Score

10^/10

asyncrat default rat

Malware Config

Extracted

Family

asyncrat

Version

0.5.7B

Botnet

Default

127.0.0.1:6606

127.0.0.1:7707

127.0.0.1:8808

Mutex

AsyncMutex_6SI8OkPnk

Attributes

delay
3
install
false
install_folder
%AppData%

aes.plain

Signatures

AsyncRat
AsyncRAT is designed to remotely monitor and control other computers written in C#.
rat asyncrat

Async RAT payload 4 IoCs

rat

resource	yara_rule
behavioral1/memory/2592-131-0x0000000000630000-0x0000000000730000-memory.dmp	asyncrat
behavioral1/memory/2164-145-0x0000000000400000-0x0000000000417000-memory.dmp	asyncrat
behavioral1/memory/2164-143-0x0000000000400000-0x0000000000417000-memory.dmp	asyncrat
behavioral1/memory/2164-141-0x0000000000400000-0x0000000000417000-memory.dmp	asyncrat

Suspicious use of NtSetInformationThreadHideFromDebugger 4 IoCs

pid	Process
2592	e052edd5f47c509205c54b76d2a6ad65.exe
2592	e052edd5f47c509205c54b76d2a6ad65.exe
2164	regasm.exe
2164	regasm.exe

Suspicious use of SetThreadContext 2 IoCs

description	pid	Process	procid_target
PID 1960 set thread context of 2592	1960	e052edd5f47c509205c54b76d2a6ad65.exe	28
PID 2592 set thread context of 2164	2592	e052edd5f47c509205c54b76d2a6ad65.exe	29

Suspicious behavior: EnumeratesProcesses 64 IoCs

pid	Process
2592	e052edd5f47c509205c54b76d2a6ad65.exe
2592	e052edd5f47c509205c54b76d2a6ad65.exe
2592	e052edd5f47c509205c54b76d2a6ad65.exe
2592	e052edd5f47c509205c54b76d2a6ad65.exe
2592	e052edd5f47c509205c54b76d2a6ad65.exe
2592	e052edd5f47c509205c54b76d2a6ad65.exe
2592	e052edd5f47c509205c54b76d2a6ad65.exe
2592	e052edd5f47c509205c54b76d2a6ad65.exe
2592	e052edd5f47c509205c54b76d2a6ad65.exe
2592	e052edd5f47c509205c54b76d2a6ad65.exe
2592	e052edd5f47c509205c54b76d2a6ad65.exe
2592	e052edd5f47c509205c54b76d2a6ad65.exe
2592	e052edd5f47c509205c54b76d2a6ad65.exe
2592	e052edd5f47c509205c54b76d2a6ad65.exe
2592	e052edd5f47c509205c54b76d2a6ad65.exe
2592	e052edd5f47c509205c54b76d2a6ad65.exe
2164	regasm.exe
2164	regasm.exe
2164	regasm.exe
2164	regasm.exe
2164	regasm.exe
2164	regasm.exe
2164	regasm.exe
2164	regasm.exe
2164	regasm.exe
2164	regasm.exe
2164	regasm.exe
2164	regasm.exe
2164	regasm.exe
2164	regasm.exe
2164	regasm.exe
2164	regasm.exe
2164	regasm.exe
2164	regasm.exe
2164	regasm.exe
2164	regasm.exe
2164	regasm.exe
2164	regasm.exe
2164	regasm.exe
2164	regasm.exe
2164	regasm.exe
2164	regasm.exe
2164	regasm.exe
2164	regasm.exe
2164	regasm.exe
2164	regasm.exe
2164	regasm.exe
2164	regasm.exe
2164	regasm.exe
2164	regasm.exe
2164	regasm.exe
2164	regasm.exe
2164	regasm.exe
2164	regasm.exe
2164	regasm.exe
2164	regasm.exe
2164	regasm.exe
2164	regasm.exe
2164	regasm.exe
2164	regasm.exe
2164	regasm.exe
2164	regasm.exe
2164	regasm.exe
2164	regasm.exe

Suspicious behavior: MapViewOfSection 2 IoCs

pid	Process
1960	e052edd5f47c509205c54b76d2a6ad65.exe
2592	e052edd5f47c509205c54b76d2a6ad65.exe

Suspicious use of SetWindowsHookEx 2 IoCs

pid	Process
1960	e052edd5f47c509205c54b76d2a6ad65.exe
2592	e052edd5f47c509205c54b76d2a6ad65.exe

Suspicious use of WriteProcessMemory 13 IoCs

description	pid	Process	procid_target
PID 1960 wrote to memory of 2592	1960	e052edd5f47c509205c54b76d2a6ad65.exe	28
PID 1960 wrote to memory of 2592	1960	e052edd5f47c509205c54b76d2a6ad65.exe	28
PID 1960 wrote to memory of 2592	1960	e052edd5f47c509205c54b76d2a6ad65.exe	28
PID 1960 wrote to memory of 2592	1960	e052edd5f47c509205c54b76d2a6ad65.exe	28
PID 1960 wrote to memory of 2592	1960	e052edd5f47c509205c54b76d2a6ad65.exe	28
PID 2592 wrote to memory of 2164	2592	e052edd5f47c509205c54b76d2a6ad65.exe	29
PID 2592 wrote to memory of 2164	2592	e052edd5f47c509205c54b76d2a6ad65.exe	29
PID 2592 wrote to memory of 2164	2592	e052edd5f47c509205c54b76d2a6ad65.exe	29
PID 2592 wrote to memory of 2164	2592	e052edd5f47c509205c54b76d2a6ad65.exe	29
PID 2592 wrote to memory of 2164	2592	e052edd5f47c509205c54b76d2a6ad65.exe	29
PID 2592 wrote to memory of 2164	2592	e052edd5f47c509205c54b76d2a6ad65.exe	29
PID 2592 wrote to memory of 2164	2592	e052edd5f47c509205c54b76d2a6ad65.exe	29
PID 2592 wrote to memory of 2164	2592	e052edd5f47c509205c54b76d2a6ad65.exe	29

C:\Users\Admin\AppData\Local\Temp\e052edd5f47c509205c54b76d2a6ad65.exe
"C:\Users\Admin\AppData\Local\Temp\e052edd5f47c509205c54b76d2a6ad65.exe"
1⤵
- Suspicious use of SetThreadContext
- Suspicious behavior: MapViewOfSection
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:1960
- C:\Users\Admin\AppData\Local\Temp\e052edd5f47c509205c54b76d2a6ad65.exe
  "C:\Users\Admin\AppData\Local\Temp\e052edd5f47c509205c54b76d2a6ad65.exe"
  2⤵
  - Suspicious use of NtSetInformationThreadHideFromDebugger
  - Suspicious use of SetThreadContext
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious behavior: MapViewOfSection
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:2592
- - C:\Windows\Microsoft.NET\Framework\v4.0.30319\regasm.exe
    "C:\Windows\Microsoft.NET\Framework\v4.0.30319\regasm.exe"
    3⤵
    - Suspicious use of NtSetInformationThreadHideFromDebugger
    - Suspicious behavior: EnumeratesProcesses
    PID:2164

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/1960-42-0x0000000000660000-0x0000000000760000-memory.dmp

Filesize
1024KB

Download
memory/1960-47-0x0000000000660000-0x0000000000760000-memory.dmp

Filesize
1024KB

Download
memory/1960-10-0x0000000000660000-0x0000000000760000-memory.dmp

Filesize
1024KB

Download
memory/1960-9-0x0000000000660000-0x0000000000760000-memory.dmp

Filesize
1024KB

Download
memory/1960-12-0x0000000000400000-0x0000000000498000-memory.dmp

Filesize
608KB

Download
memory/1960-11-0x0000000000660000-0x0000000000760000-memory.dmp

Filesize
1024KB

Download
memory/1960-8-0x0000000072940000-0x0000000072A93000-memory.dmp

Filesize
1.3MB

Download
memory/1960-17-0x0000000000660000-0x0000000000760000-memory.dmp

Filesize
1024KB

Download
memory/1960-19-0x0000000000660000-0x0000000000760000-memory.dmp

Filesize
1024KB

Download
memory/1960-21-0x0000000000660000-0x0000000000760000-memory.dmp

Filesize
1024KB

Download
memory/1960-23-0x0000000000400000-0x0000000000498000-memory.dmp

Filesize
608KB

Download
memory/1960-25-0x0000000000400000-0x0000000000498000-memory.dmp

Filesize
608KB

Download
memory/1960-27-0x0000000000660000-0x0000000000760000-memory.dmp

Filesize
1024KB

Download
memory/1960-29-0x0000000000660000-0x0000000000760000-memory.dmp

Filesize
1024KB

Download
memory/1960-31-0x0000000000660000-0x0000000000760000-memory.dmp

Filesize
1024KB

Download
memory/1960-33-0x0000000000660000-0x0000000000760000-memory.dmp

Filesize
1024KB

Download
memory/1960-34-0x0000000000660000-0x0000000000760000-memory.dmp

Filesize
1024KB

Download
memory/1960-36-0x0000000000400000-0x0000000000498000-memory.dmp

Filesize
608KB

Download
memory/1960-39-0x0000000000400000-0x0000000000498000-memory.dmp

Filesize
608KB

Download
memory/1960-40-0x0000000000660000-0x0000000000760000-memory.dmp

Filesize
1024KB

Download
memory/1960-7-0x0000000000660000-0x0000000000760000-memory.dmp

Filesize
1024KB

Download
memory/1960-48-0x0000000000660000-0x0000000000760000-memory.dmp

Filesize
1024KB

Download
memory/1960-64-0x0000000000400000-0x0000000000498000-memory.dmp

Filesize
608KB

Download
memory/1960-50-0x0000000000660000-0x0000000000760000-memory.dmp

Filesize
1024KB

Download
memory/1960-49-0x0000000000400000-0x0000000000498000-memory.dmp

Filesize
608KB

Download
memory/1960-46-0x0000000000660000-0x0000000000760000-memory.dmp

Filesize
1024KB

Download
memory/1960-44-0x0000000000660000-0x0000000000760000-memory.dmp

Filesize
1024KB

Download
memory/1960-57-0x0000000000400000-0x0000000000498000-memory.dmp

Filesize
608KB

Download
memory/1960-56-0x0000000000660000-0x0000000000760000-memory.dmp

Filesize
1024KB

Download
memory/1960-55-0x0000000000660000-0x0000000000760000-memory.dmp

Filesize
1024KB

Download
memory/1960-54-0x0000000072940000-0x0000000072A93000-memory.dmp

Filesize
1.3MB

Download
memory/1960-61-0x0000000000660000-0x0000000000760000-memory.dmp

Filesize
1024KB

Download
memory/1960-62-0x0000000000660000-0x0000000000760000-memory.dmp

Filesize
1024KB

Download
memory/1960-63-0x0000000000660000-0x0000000000760000-memory.dmp

Filesize
1024KB

Download
memory/1960-65-0x0000000000290000-0x0000000000298000-memory.dmp

Filesize
32KB

Download
memory/1960-69-0x0000000000400000-0x0000000000498000-memory.dmp

Filesize
608KB

Download
memory/1960-3-0x0000000000250000-0x0000000000251000-memory.dmp

Filesize
4KB

Download
memory/1960-68-0x0000000072940000-0x0000000072A93000-memory.dmp

Filesize
1.3MB

Download
memory/2164-145-0x0000000000400000-0x0000000000417000-memory.dmp

Filesize
92KB

Download
memory/2164-143-0x0000000000400000-0x0000000000417000-memory.dmp

Filesize
92KB

Download
memory/2164-141-0x0000000000400000-0x0000000000417000-memory.dmp

Filesize
92KB

Download
memory/2592-77-0x0000000000330000-0x0000000000331000-memory.dmp

Filesize
4KB

Download
memory/2592-81-0x0000000072940000-0x0000000072A93000-memory.dmp

Filesize
1.3MB

Download
memory/2592-83-0x0000000000630000-0x0000000000730000-memory.dmp

Filesize
1024KB

Download
memory/2592-84-0x0000000000630000-0x0000000000730000-memory.dmp

Filesize
1024KB

Download
memory/2592-86-0x0000000000400000-0x000000000045F000-memory.dmp

Filesize
380KB

Download
memory/2592-85-0x0000000000630000-0x0000000000730000-memory.dmp

Filesize
1024KB

Download
memory/2592-82-0x0000000000400000-0x000000000045F000-memory.dmp

Filesize
380KB

Download
memory/2592-79-0x0000000000630000-0x0000000000730000-memory.dmp

Filesize
1024KB

Download
memory/2592-98-0x0000000000400000-0x000000000045F000-memory.dmp

Filesize
380KB

Download
memory/2592-103-0x0000000000630000-0x0000000000730000-memory.dmp

Filesize
1024KB

Download
memory/2592-105-0x0000000000630000-0x0000000000730000-memory.dmp

Filesize
1024KB

Download
memory/2592-102-0x0000000000400000-0x000000000045F000-memory.dmp

Filesize
380KB

Download
memory/2592-107-0x0000000000630000-0x0000000000730000-memory.dmp

Filesize
1024KB

Download
memory/2592-108-0x0000000000400000-0x000000000045F000-memory.dmp

Filesize
380KB

Download
memory/2592-111-0x0000000000630000-0x0000000000730000-memory.dmp

Filesize
1024KB

Download
memory/2592-113-0x0000000000630000-0x0000000000730000-memory.dmp

Filesize
1024KB

Download
memory/2592-116-0x0000000000400000-0x000000000045F000-memory.dmp

Filesize
380KB

Download
memory/2592-119-0x0000000000400000-0x000000000045F000-memory.dmp

Filesize
380KB

Download
memory/2592-122-0x0000000000400000-0x000000000045F000-memory.dmp

Filesize
380KB

Download
memory/2592-124-0x0000000000630000-0x0000000000730000-memory.dmp

Filesize
1024KB

Download
memory/2592-125-0x0000000000630000-0x0000000000730000-memory.dmp

Filesize
1024KB

Download
memory/2592-126-0x0000000000630000-0x0000000000730000-memory.dmp

Filesize
1024KB

Download
memory/2592-123-0x0000000000630000-0x0000000000730000-memory.dmp

Filesize
1024KB

Download
memory/2592-121-0x0000000000630000-0x0000000000730000-memory.dmp

Filesize
1024KB

Download
memory/2592-120-0x0000000000630000-0x0000000000730000-memory.dmp

Filesize
1024KB

Download
memory/2592-118-0x0000000000630000-0x0000000000730000-memory.dmp

Filesize
1024KB

Download
memory/2592-115-0x0000000000630000-0x0000000000730000-memory.dmp

Filesize
1024KB

Download
memory/2592-110-0x0000000000400000-0x000000000045F000-memory.dmp

Filesize
380KB

Download
memory/2592-94-0x0000000000400000-0x000000000045F000-memory.dmp

Filesize
380KB

Download
memory/2592-90-0x0000000000400000-0x000000000045F000-memory.dmp

Filesize
380KB

Download
memory/2592-131-0x0000000000630000-0x0000000000730000-memory.dmp

Filesize
1024KB

Download
memory/2592-132-0x0000000000630000-0x0000000000730000-memory.dmp

Filesize
1024KB

Download
memory/2592-130-0x0000000000400000-0x000000000045F000-memory.dmp

Filesize
380KB

Download
memory/2592-137-0x0000000000400000-0x000000000045F000-memory.dmp

Filesize
380KB

Download
memory/2592-70-0x0000000000400000-0x000000000045F000-memory.dmp

Filesize
380KB

Download
memory/2592-72-0x0000000000230000-0x0000000000231000-memory.dmp

Filesize
4KB

Download
memory/2592-66-0x0000000000400000-0x000000000045F000-memory.dmp

Filesize
380KB

Download
memory/2592-148-0x0000000000400000-0x000000000045A000-memory.dmp

Filesize
360KB

Download
memory/2592-147-0x0000000000400000-0x000000000045F000-memory.dmp

Filesize
380KB

Download