asyncrat | 8074d6085f0629dc715fbf492933cf91ae573051c84aa749d56f88936e8f0ea1

Resubmissions

05-07-2024 17:23

240705-vyej5ascmr 10

05-07-2024 17:18

240705-vt88yasckj 10

05-07-2024 16:59

240705-vhqbpavbka 10

Analysis

max time kernel
1717s
max time network
1150s
platform
windows10-2004_x64
resource
win10v2004-20240704-en
resource tags

arch:x64arch:x86image:win10v2004-20240704-enlocale:en-usos:windows10-2004-x64system
submitted
05-07-2024 17:18

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

Anarxiya/Anarchy Panel.exe
Size

54.6MB
MD5

94bac1a0cc0dbac256f0d3b4c90648c2
SHA1

4abcb8a31881e88322f6a37cbb24a14a80c6eef2
SHA256

50c2dba1d961e09cb8df397b71bd3b6a32d0ee6dbe886e7309305dc4ba968f94
SHA512

30ecee38d5d641abaf73e09a23c614cb3b8b84aa1f8ff1818e92c1f2b51bf6841d3e51564aecb5efd01a3d98db88f0938e7dd4ee9c74ca5477785c33c969ffd9
SSDEEP

786432:RvcKHU1yll1EcgYwm/7hPo9b9DMs2PTUpRYj:lPU4bZwm/NwEIYj

Score

10^/10

asyncrat rat

Malware Config

Signatures

AsyncRat
AsyncRAT is designed to remotely monitor and control other computers written in C#.
rat asyncrat

.NET Reactor proctector 1 IoCs

Detects an executable protected by an unregistered version of Eziriz's .NET Reactor.

Processes:

resource	yara_rule
behavioral2/memory/3064-1-0x0000000000680000-0x0000000003D1E000-memory.dmp	net_reactor

Loads dropped DLL 1 IoCs

Processes:

Anarchy Panel.exe

pid process

3064 Anarchy Panel.exe
Suspicious use of AdjustPrivilegeToken 1 IoCs

Processes:

Anarchy Panel.exe

description pid process

Token: SeDebugPrivilege 3064 Anarchy Panel.exe

pid	process
3064	Anarchy Panel.exe

description	pid	process
Token: SeDebugPrivilege	3064	Anarchy Panel.exe

C:\Users\Admin\AppData\Local\Temp\Anarxiya\Anarchy Panel.exe
"C:\Users\Admin\AppData\Local\Temp\Anarxiya\Anarchy Panel.exe"
1⤵
- Loads dropped DLL
- Suspicious use of AdjustPrivilegeToken
PID:3064

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\Costura\C5730A4C0FDD612A5678E51A536CE09E\64\sqlite.interop.dll
Filesize
1.7MB

MD5
56a504a34d2cfbfc7eaa2b68e34af8ad

SHA1
426b48b0f3b691e3bb29f465aed9b936f29fc8cc

SHA256
9309fb2a3f326d0f2cc3f2ab837cfd02e4f8cb6b923b3b2be265591fd38f4961

SHA512
170c3645083d869e2368ee16325d7edaeba2d8f1d3d4a6a1054cfdd8616e03073772eeae30c8f79a93173825f83891e7b0e4fd89ef416808359f715a641747d7

Download Submit
memory/3064-11-0x00007FF84BC80000-0x00007FF84C741000-memory.dmp

Filesize
10.8MB

Download
memory/3064-10-0x000000001F700000-0x000000001FAC0000-memory.dmp

Filesize
3.8MB

Download
memory/3064-3-0x00007FF84BC80000-0x00007FF84C741000-memory.dmp

Filesize
10.8MB

Download
memory/3064-1-0x0000000000680000-0x0000000003D1E000-memory.dmp

Filesize
54.6MB

Download
memory/3064-12-0x00007FF84BC80000-0x00007FF84C741000-memory.dmp

Filesize
10.8MB

Download
memory/3064-9-0x000000001FC30000-0x0000000020218000-memory.dmp

Filesize
5.9MB

Download
memory/3064-2-0x00007FF84BC80000-0x00007FF84C741000-memory.dmp

Filesize
10.8MB

Download
memory/3064-0-0x00007FF84BC83000-0x00007FF84BC85000-memory.dmp

Filesize
8KB

Download
memory/3064-8-0x0000000005DD0000-0x0000000005DE2000-memory.dmp

Filesize
72KB

Download
memory/3064-13-0x00007FF84BC80000-0x00007FF84C741000-memory.dmp

Filesize
10.8MB

Download
memory/3064-14-0x00007FF84BC80000-0x00007FF84C741000-memory.dmp

Filesize
10.8MB

Download
memory/3064-15-0x00007FF84BC83000-0x00007FF84BC85000-memory.dmp

Filesize
8KB

Download
memory/3064-16-0x00007FF84BC80000-0x00007FF84C741000-memory.dmp

Filesize
10.8MB

Download
memory/3064-17-0x00007FF84BC80000-0x00007FF84C741000-memory.dmp

Filesize
10.8MB

Download
memory/3064-18-0x00007FF84BC80000-0x00007FF84C741000-memory.dmp

Filesize
10.8MB

Download
memory/3064-19-0x00007FF84BC80000-0x00007FF84C741000-memory.dmp

Filesize
10.8MB

Download