Overview

overview

10

Static

static

10

AsyncClient.exe

windows7-x64

10

AsyncClient.exe

windows10-2004-x64

10

Analysis

  • max time kernel
    149s
  • max time network
    151s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20231222-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20231222-enlocale:en-usos:windows10-2004-x64system
  • submitted
    25-01-2024 05:17

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    AsyncClient.exe

  • Size

    66KB

  • MD5

    c3e2e729e929b8c7f7d5f3d44ea06d64

  • SHA1

    159f9bcfb6a6a52578ad71b0fa4b529f6d788527

  • SHA256

    d0b450b6f9127442b116bbc870a643335dbb5ec0eb861b579bd8db96bd995cc8

  • SHA512

    7cf46135a5bc2ab4ec5962fd7da851e0f6d6471608141cf9b86408dc20e5778bfc20cbc2520a5a4aa671a802b4127e0673d18539a33b4ccae8dc493768e9c5d8

  • SSDEEP

    1536:C2wukvF1ak9gcKu5UYF6FhtOtCifbSN/8tgZvoWdYq3rPlTGNx:C2dkvF1ak9Ku5UYFKv6CAbSutgZvrd3y

Score
10/10
asyncrat2024rat

Malware Config

Extracted

Family

asyncrat

Version

| Edit 3LOSH RAT

Botnet

2024

C2

w3llstore.mywire.org:6606

w3llstore.mywire.org:7707

w3llstore.mywire.org:8808
Mutex

Dashboard_60101kCSS

Attributes
  • delay

    3

  • install

    false

  • install_folder

    %AppData%

aes.plain

Signatures

  • AsyncRat

    AsyncRAT is designed to remotely monitor and control other computers written in C#.

    ratasyncrat
  • Async RAT payload 2 IoCs
    rat
  • Suspicious behavior: EnumeratesProcesses 1 IoCs
  • Suspicious use of AdjustPrivilegeToken 1 IoCs
  • Suspicious use of SetWindowsHookEx 1 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\AsyncClient.exe
    "C:\Users\Admin\AppData\Local\Temp\AsyncClient.exe"
    1⤵
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of AdjustPrivilegeToken
    • Suspicious use of SetWindowsHookEx
    PID:4752

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

  • memory/4752-0-0x0000000000170000-0x0000000000186000-memory.dmp
    Filesize

    88KB

    Download
  • memory/4752-1-0x00000000749E0000-0x0000000075190000-memory.dmp
    Filesize

    7.7MB

    Download
  • memory/4752-2-0x0000000004C70000-0x0000000004C80000-memory.dmp
    Filesize

    64KB

    Download
  • memory/4752-3-0x0000000005330000-0x00000000058D4000-memory.dmp
    Filesize

    5.6MB

    Download
  • memory/4752-4-0x0000000004F30000-0x0000000004FC2000-memory.dmp
    Filesize

    584KB

    Download
  • memory/4752-5-0x0000000004FD0000-0x0000000004FDA000-memory.dmp
    Filesize

    40KB

    Download
  • memory/4752-6-0x00000000749E0000-0x0000000075190000-memory.dmp
    Filesize

    7.7MB

    Download
  • memory/4752-7-0x0000000004C70000-0x0000000004C80000-memory.dmp
    Filesize

    64KB

    Download