asyncrat | f6bd753fce059b8484f1997e113d13ec811e2e4fd19623a3a06c66a571475467

Analysis

max time kernel
4s
max time network
7s
platform
windows11-21h2_x64
resource
win11-20240709-en
resource tags

arch:x64arch:x86image:win11-20240709-enlocale:en-usos:windows11-21h2-x64system
submitted
13/07/2024, 09:53

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

sigma56.exe
Size

299KB
MD5

4251de902d30c3e2825ae735cd98740d
SHA1

2d6d7b7072512d5aa13eb31fdaef766f9076f242
SHA256

f6bd753fce059b8484f1997e113d13ec811e2e4fd19623a3a06c66a571475467
SHA512

80bdccb63c8c0b25bbccd38a392d223fd247a3c43f45c30131b8d6baa7a94e2e41fa51c5c0781d237ccf8afe5b6867d5a308101312a5e3ba3eee43b909b45166
SSDEEP

6144:toYaLsLOz74uXoI2NyGNygiT93lA5Jj3qkNi57o:iYaoCzjkqT930am08

Score

10^/10

asyncrat default rat

Malware Config

Extracted

Family

asyncrat

Version

0.5.8

Botnet

Default

10.14.0.3:6606

10.14.0.3:7707

10.14.0.3:8808

Mutex

SoDs5pvJ8zw0

Attributes

delay
3
install
false
install_folder
%AppData%

aes.plain

Signatures

AsyncRat
AsyncRAT is designed to remotely monitor and control other computers written in C#.
rat asyncrat

Async RAT payload 1 IoCs

rat

resource	yara_rule
behavioral1/memory/4336-8-0x000002085F270000-0x000002085F282000-memory.dmp	family_asyncrat

Suspicious use of WriteProcessMemory 6 IoCs

description	pid	Process	procid_target
PID 4412 wrote to memory of 4336	4412	sigma56.exe	82
PID 4412 wrote to memory of 4336	4412	sigma56.exe	82
PID 4412 wrote to memory of 4336	4412	sigma56.exe	82
PID 4412 wrote to memory of 4336	4412	sigma56.exe	82
PID 4412 wrote to memory of 4336	4412	sigma56.exe	82
PID 4412 wrote to memory of 4336	4412	sigma56.exe	82

C:\Users\Admin\AppData\Local\Temp\sigma56.exe
"C:\Users\Admin\AppData\Local\Temp\sigma56.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:4412
- C:\Program Files\Common Files\microsoft shared\MSInfo\msinfo32.exe
  "C:\Program Files\Common Files\microsoft shared\MSInfo\msinfo32.exe"
  2⤵
  PID:4336

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/4336-5-0x000002085F190000-0x000002085F1A3000-memory.dmp

Filesize
76KB

Download
memory/4336-7-0x00007FFD2B103000-0x00007FFD2B105000-memory.dmp

Filesize
8KB

Download
memory/4336-8-0x000002085F270000-0x000002085F282000-memory.dmp

Filesize
72KB

Download
memory/4336-9-0x00007FFD2B100000-0x00007FFD2BBC2000-memory.dmp

Filesize
10.8MB

Download
memory/4412-6-0x0000000000410000-0x0000000000461000-memory.dmp

Filesize
324KB

Download