asyncrat | 53cdc49c7fb83b419c07edb45c544b106aaa37db00e8a37211678af6350a82f1

Analysis

max time kernel
149s
max time network
124s
platform
windows7_x64
resource
win7-20240705-en
resource tags

arch:x64arch:x86image:win7-20240705-enlocale:en-usos:windows7-x64system
submitted
21-07-2024 20:08

Target

Borat/BoratRat.exe
Size

20.0MB
MD5

65b694d69d327efe28fcbce125401e96
SHA1

049d4d71742b99a598c074458f1f2d5b0119e912
SHA256

de60ecbbfef30c93fe8875ef69b358b20076d1f969fc3d21ab44d59dc9ef7cab
SHA512

7ab57642e414e134e851d9aa2ed3ef8b483f3a5f77877cdc04e08d7f95c44884f8ccc6beaf8ba7f6949cfd7398c46be46c024d4fdeacd3a332d4565609baad5b
SSDEEP

393216:V+G+oTCP+Zw6NLIsFfskh1BmXGnfBd+Uw:IGpTCP+Zlnk0rmkBYUw

Score

10^/10

asyncrat rat

AsyncRat
AsyncRAT is designed to remotely monitor and control other computers written in C#.
rat asyncrat

Suspicious behavior: EnumeratesProcesses 10 IoCs

Suspicious use of AdjustPrivilegeToken 1 IoCs

description	pid	Process
Token: SeDebugPrivilege	2544	BoratRat.exe

Suspicious use of FindShellTrayWindow 1 IoCs

pid	Process
2544	BoratRat.exe

Suspicious use of SendNotifyMessage 1 IoCs

pid	Process
2544	BoratRat.exe

C:\Windows\system32\wbem\WmiApSrv.exe
C:\Windows\system32\wbem\WmiApSrv.exe
1⤵
PID:2868

memory/2544-0-0x000007FEF5A23000-0x000007FEF5A24000-memory.dmp

Filesize
4KB

Download
memory/2544-1-0x0000000000BB0000-0x0000000001FBA000-memory.dmp

Filesize
20.0MB

Download
memory/2544-2-0x000007FEF5A20000-0x000007FEF640C000-memory.dmp

Filesize
9.9MB

Download
memory/2544-3-0x000007FEF5A20000-0x000007FEF640C000-memory.dmp

Filesize
9.9MB

Download
memory/2544-8-0x000007FEF5A23000-0x000007FEF5A24000-memory.dmp

Filesize
4KB

Download
memory/2544-9-0x000007FEF5A20000-0x000007FEF640C000-memory.dmp

Filesize
9.9MB

Download
memory/2544-10-0x000007FEF5A20000-0x000007FEF640C000-memory.dmp

Filesize
9.9MB

Download