Overview

overview

10

Static

static

10

AsyncClient.exe

windows7-x64

10

AsyncClient.exe

windows10-2004-x64

10

Analysis

  • max time kernel
    146s
  • max time network
    151s
  • platform
    windows7_x64
  • resource
    win7-20231215-en
  • resource tags

    arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
  • submitted
    25-01-2024 05:17

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    AsyncClient.exe

  • Size

    66KB

  • MD5

    c3e2e729e929b8c7f7d5f3d44ea06d64

  • SHA1

    159f9bcfb6a6a52578ad71b0fa4b529f6d788527

  • SHA256

    d0b450b6f9127442b116bbc870a643335dbb5ec0eb861b579bd8db96bd995cc8

  • SHA512

    7cf46135a5bc2ab4ec5962fd7da851e0f6d6471608141cf9b86408dc20e5778bfc20cbc2520a5a4aa671a802b4127e0673d18539a33b4ccae8dc493768e9c5d8

  • SSDEEP

    1536:C2wukvF1ak9gcKu5UYF6FhtOtCifbSN/8tgZvoWdYq3rPlTGNx:C2dkvF1ak9Ku5UYFKv6CAbSutgZvrd3y

Score
10/10
asyncrat2024rat

Malware Config

Extracted

Family

asyncrat

Version

| Edit 3LOSH RAT

Botnet

2024

C2

w3llstore.mywire.org:6606

w3llstore.mywire.org:7707

w3llstore.mywire.org:8808
Mutex

Dashboard_60101kCSS

Attributes
  • delay

    3

  • install

    false

  • install_folder

    %AppData%

aes.plain

Signatures

  • AsyncRat

    AsyncRAT is designed to remotely monitor and control other computers written in C#.

    ratasyncrat
  • Async RAT payload 1 IoCs
    rat
  • Suspicious behavior: EnumeratesProcesses 1 IoCs
  • Suspicious use of AdjustPrivilegeToken 1 IoCs
  • Suspicious use of SetWindowsHookEx 1 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\AsyncClient.exe
    "C:\Users\Admin\AppData\Local\Temp\AsyncClient.exe"
    1⤵
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of AdjustPrivilegeToken
    • Suspicious use of SetWindowsHookEx
    PID:2256

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

  • memory/2256-0-0x0000000000CE0000-0x0000000000CF6000-memory.dmp
    Filesize

    88KB

    Download
  • memory/2256-1-0x0000000074620000-0x0000000074D0E000-memory.dmp
    Filesize

    6.9MB

    Download
  • memory/2256-2-0x00000000049C0000-0x0000000004A00000-memory.dmp
    Filesize

    256KB

    Download
  • memory/2256-3-0x0000000074620000-0x0000000074D0E000-memory.dmp
    Filesize

    6.9MB

    Download
  • memory/2256-4-0x00000000049C0000-0x0000000004A00000-memory.dmp
    Filesize

    256KB

    Download