asyncrat | af9d60ae6848565e34f1f4545f75ad894b0cb502f73216487190d95ecb86f282

Analysis

max time kernel
134s
max time network
144s
platform
windows7_x64
resource
win7-20240708-en
resource tags

arch:x64arch:x86image:win7-20240708-enlocale:en-usos:windows7-x64system
submitted
09-07-2024 03:03

Target

Stupido.exe
Size

47KB
MD5

28ea39d8afd092f7ac283d720c4ff07b
SHA1

74c3a8c13d8b5722be39a70e6fb91a4084ddab9f
SHA256

af9d60ae6848565e34f1f4545f75ad894b0cb502f73216487190d95ecb86f282
SHA512

a2329c29ed655e956beb6ed598134cd2058c46e611d112d1092fd1d603c146ab94215f33ae9f7502379d06c02a58b2ddc82577a18c175eb9bcc6404111a7a372
SSDEEP

768:NuPfZTg4pYiWUU9jjmo2qrZpaThJdgnLpQWYAofR0bWXN5H6jQhvUNVCy2bdcDZI:NuPfZTgKa29gLBYAo+bWdVXMB26dJf+

Score

10^/10

Family

asyncrat

Version

0.5.8

Botnet

Default

card-buzz.gl.at.ply.gg:2497

Mutex

uE6w2BW3TJU0

Attributes

aes.plain

AsyncRat
AsyncRAT is designed to remotely monitor and control other computers written in C#.
rat asyncrat

Suspicious use of AdjustPrivilegeToken 2 IoCs

description	pid	Process
Token: SeDebugPrivilege	1996	Stupido.exe
Token: SeDebugPrivilege	1996	Stupido.exe

C:\Users\Admin\AppData\Local\Temp\Stupido.exe
"C:\Users\Admin\AppData\Local\Temp\Stupido.exe"
1⤵
- Suspicious use of AdjustPrivilegeToken
PID:1996

memory/1996-0-0x0000000074B8E000-0x0000000074B8F000-memory.dmp

Filesize
4KB

Download
memory/1996-1-0x0000000000870000-0x0000000000882000-memory.dmp

Filesize
72KB

Download
memory/1996-2-0x0000000074B80000-0x000000007526E000-memory.dmp

Filesize
6.9MB

Download
memory/1996-3-0x0000000074B8E000-0x0000000074B8F000-memory.dmp

Filesize
4KB

Download
memory/1996-4-0x0000000074B80000-0x000000007526E000-memory.dmp

Filesize
6.9MB

Download