asyncrat | 15c37fc34c843c04dd97fdb40a9c767c0964a02ee7c0d9b22fd67a85fcf39a8a

Analysis

max time kernel
93s
max time network
94s
platform
windows10-2004_x64
resource
win10v2004-20240426-en
resource tags

arch:x64arch:x86image:win10v2004-20240426-enlocale:en-usos:windows10-2004-x64system
submitted
28-05-2024 14:22

Target

15c37fc34c843c04dd97fdb40a9c767c0964a02ee7c0d9b22fd67a85fcf39a8a.exe
Size

47KB
MD5

7a51aa3884526620751838e6c9714f25
SHA1

9f0210f25aaa9d2598a02132cf8faa5541d6ff3a
SHA256

15c37fc34c843c04dd97fdb40a9c767c0964a02ee7c0d9b22fd67a85fcf39a8a
SHA512

7460684b61e37eb842463abd8203eecfbb635767168be8d6bc79a6da5282dcee8ed9034adaecd315419117eb9f7851b20e14a9221e5b0c38dcb85127f5aa14d7
SSDEEP

768:5CT3ILNCKi+Di5hFxhLR5qiH6Ybrge8ZIar7XvEgK/JTZVc6KN:5CYm5jxXDpbUVeY7XnkJTZVclN

Score

10^/10

asyncrat mayo27 rat

Family

asyncrat

Version

1.0.7

Botnet

MAYO27

flugrekorder.duckdns.org:7786

Mutex

"$%#&63T%y/34rdy@

Attributes

aes.plain

AsyncRat
AsyncRAT is designed to remotely monitor and control other computers written in C#.
rat asyncrat
Delays execution with timeout.exe 1 IoCs
evasion

Processes:

timeout.exe

pid process

4868 timeout.exe
Suspicious use of AdjustPrivilegeToken 1 IoCs

Processes:

15c37fc34c843c04dd97fdb40a9c767c0964a02ee7c0d9b22fd67a85fcf39a8a.exe

description pid process

Token: SeDebugPrivilege 2744 15c37fc34c843c04dd97fdb40a9c767c0964a02ee7c0d9b22fd67a85fcf39a8a.exe

pid	process
4868	timeout.exe

description	pid	process
Token: SeDebugPrivilege	2744	15c37fc34c843c04dd97fdb40a9c767c0964a02ee7c0d9b22fd67a85fcf39a8a.exe

Suspicious use of WriteProcessMemory 4 IoCs

Processes:

15c37fc34c843c04dd97fdb40a9c767c0964a02ee7c0d9b22fd67a85fcf39a8a.execmd.exe

description	pid	process	target process
PID 2744 wrote to memory of 2420	2744	15c37fc34c843c04dd97fdb40a9c767c0964a02ee7c0d9b22fd67a85fcf39a8a.exe	cmd.exe
PID 2744 wrote to memory of 2420	2744	15c37fc34c843c04dd97fdb40a9c767c0964a02ee7c0d9b22fd67a85fcf39a8a.exe	cmd.exe
PID 2420 wrote to memory of 4868	2420	cmd.exe	timeout.exe
PID 2420 wrote to memory of 4868	2420	cmd.exe	timeout.exe

C:\Users\Admin\AppData\Local\Temp\tmpA604.tmp.bat

Filesize
216B

MD5
67b7eba08a33edb90d8f7d6dc7078eff

SHA1
0975af23fd6160c80aafb2c09e3f52ee113f8793

SHA256
d84bb747cf9fb2661bab1dc826ad1e2b2a64001a2503f211a302b8334422822d

SHA512
69714fae39e36ac6fa3ee8137cc1daf6e52cf59daac5bcedd3f65750e5502b4e21c8f1e066bd6ddaec7133d83d755bc6f14b72fafd7ba0d1aa67f8d626202bd6

Download Submit
memory/2744-0-0x00007FF8B9523000-0x00007FF8B9525000-memory.dmp

Filesize
8KB

Download
memory/2744-1-0x0000000000CA0000-0x0000000000CB2000-memory.dmp

Filesize
72KB

Download
memory/2744-2-0x00007FF8B9520000-0x00007FF8B9FE1000-memory.dmp

Filesize
10.8MB

Download
memory/2744-5-0x00007FF8B9520000-0x00007FF8B9FE1000-memory.dmp

Filesize
10.8MB

Download
memory/2744-6-0x00007FF8B9523000-0x00007FF8B9525000-memory.dmp

Filesize
8KB

Download
memory/2744-7-0x00007FF8B9520000-0x00007FF8B9FE1000-memory.dmp

Filesize
10.8MB

Download
memory/2744-8-0x000000001D9B0000-0x000000001DA26000-memory.dmp

Filesize
472KB

Download
memory/2744-9-0x000000001D930000-0x000000001D994000-memory.dmp

Filesize
400KB

Download
memory/2744-10-0x000000001DA30000-0x000000001DA4E000-memory.dmp

Filesize
120KB

Download
memory/2744-15-0x00007FF8B9520000-0x00007FF8B9FE1000-memory.dmp

Filesize
10.8MB

Download