asyncrat | 52adfe5797b14ea67d9d9a78eca85a5ef016cc121f439fbfe8f7219dfefd1303

Analysis

max time kernel
133s
max time network
149s
platform
windows10-2004_x64
resource
win10v2004-20240704-en
resource tags

arch:x64arch:x86image:win10v2004-20240704-enlocale:en-usos:windows10-2004-x64system
submitted
20-07-2024 08:46

Target

52adfe5797b14ea67d9d9a78eca85a5ef016cc121f439fbfe8f7219dfefd1303.exe
Size

63KB
MD5

c842ccf5599a37e82191fc67fb5e9123
SHA1

59a204a05b7e6ba6164105614092d8e3eaf141be
SHA256

52adfe5797b14ea67d9d9a78eca85a5ef016cc121f439fbfe8f7219dfefd1303
SHA512

efb92b33a593f2649d91b0c1533f07277a066256b12bdd5e993a6c8c56946eea214fa9732801e3dfe0eeda5ee6636b97dd956e0fcc272ac27d076e488f05a8ac
SSDEEP

768:QvsM2sk/978SQC8A+XjlazcBRL5JTk1+T4KSBGHmDbD/ph0oXnuP5zApJhUVYSu6:j1/M/dSJYUbdh9nuP5zeGJu0dpqKmY7

Score

10^/10

Family

asyncrat

Botnet

Default

bulletingmarrano-45523.portmap.host:45523

Attributes

aes.plain

AsyncRat
AsyncRAT is designed to remotely monitor and control other computers written in C#.
rat asyncrat

Suspicious use of AdjustPrivilegeToken 1 IoCs

description	pid	Process
Token: SeDebugPrivilege	2740	52adfe5797b14ea67d9d9a78eca85a5ef016cc121f439fbfe8f7219dfefd1303.exe

C:\Users\Admin\AppData\Local\Temp\52adfe5797b14ea67d9d9a78eca85a5ef016cc121f439fbfe8f7219dfefd1303.exe
"C:\Users\Admin\AppData\Local\Temp\52adfe5797b14ea67d9d9a78eca85a5ef016cc121f439fbfe8f7219dfefd1303.exe"
1⤵
- Suspicious use of AdjustPrivilegeToken
PID:2740

memory/2740-0-0x0000000000250000-0x0000000000266000-memory.dmp

Filesize
88KB

Download
memory/2740-1-0x00007FFD3DA73000-0x00007FFD3DA75000-memory.dmp

Filesize
8KB

Download
memory/2740-2-0x00007FFD3DA70000-0x00007FFD3E531000-memory.dmp

Filesize
10.8MB

Download
memory/2740-3-0x00007FFD3DA70000-0x00007FFD3E531000-memory.dmp

Filesize
10.8MB

Download
memory/2740-4-0x00007FFD3DA70000-0x00007FFD3E531000-memory.dmp

Filesize
10.8MB

Download
memory/2740-5-0x00007FFD3DA70000-0x00007FFD3E531000-memory.dmp

Filesize
10.8MB

Download