asyncrat | 0b29711ec115c27f4cd6963b9ea1e4febf15624f1c17d1c018611ee3df8c333c | Triage

Analysis

max time kernel
121s
max time network
123s
platform
windows7_x64
resource
win7-20231129-en
resource tags

arch:x64arch:x86image:win7-20231129-enlocale:en-usos:windows7-x64system
submitted
31/12/2023, 15:39 UTC

Sharing

Report Analysis Logs

General

Target

AsyncRAT/Stub/Stub.exe
Size

38KB
MD5

f76702fa423ce2b2b4b0fdcf547b0789
SHA1

ea408a4419e8a3139ef14df987608964c12d3190
SHA256

0e19cefba973323c234322452dfd04e318f14809375090b4f6ab39282f6ba07e
SHA512

03c7d8814687bb4f11ac41a555f368d89d5be749c92624073b77da0e57d872df201f2657b180ad0c9d5bc9ffa0a85989bf31374c7e5deefa06cf36bce3697971
SSDEEP

768:9Xaug0LrCc4d7VtOjkR26/XgNhKwEuyj67zACVyI1rXDjkY5Z07:dafSuVtOGfgTKwt3Nk7

Score

10^/10

asyncrat rat

Malware Config

Signatures

AsyncRat
AsyncRAT is designed to remotely monitor and control other computers written in C#.
rat asyncrat

Async RAT payload 1 IoCs

resource	yara_rule
behavioral29/memory/2932-0-0x0000000000840000-0x0000000000850000-memory.dmp	asyncrat

Program crash 1 IoCs

pid	pid_target	Process	procid_target
1444	2932	WerFault.exe	27

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 2932 wrote to memory of 1444	2932	Stub.exe	28
PID 2932 wrote to memory of 1444	2932	Stub.exe	28
PID 2932 wrote to memory of 1444	2932	Stub.exe	28
PID 2932 wrote to memory of 1444	2932	Stub.exe	28

C:\Users\Admin\AppData\Local\Temp\AsyncRAT\Stub\Stub.exe
"C:\Users\Admin\AppData\Local\Temp\AsyncRAT\Stub\Stub.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:2932
- C:\Windows\SysWOW64\WerFault.exe
  C:\Windows\SysWOW64\WerFault.exe -u -p 2932 -s 520
  2⤵
  - Program crash
  PID:1444

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/2932-0-0x0000000000840000-0x0000000000850000-memory.dmp

Filesize
64KB

Download
memory/2932-1-0x0000000074AF0000-0x00000000751DE000-memory.dmp

Filesize
6.9MB

Download
memory/2932-2-0x0000000074AF0000-0x00000000751DE000-memory.dmp

Filesize
6.9MB

Download