Overview

overview

10

Static

static

10

AsyncRAT/Compiler.exe

windows7-x64

1

AsyncRAT/Compiler.exe

windows10-2004-x64

10

AsyncRAT/Fixer.bat

windows7-x64

1

AsyncRAT/Fixer.bat

windows10-2004-x64

5

AsyncRAT/P...at.dll

windows7-x64

1

AsyncRAT/P...at.dll

windows10-2004-x64

1

AsyncRAT/P...ra.dll

windows7-x64

1

AsyncRAT/P...ra.dll

windows10-2004-x64

1

AsyncRAT/P...er.dll

windows7-x64

1

AsyncRAT/P...er.dll

windows10-2004-x64

1

AsyncRAT/P...er.dll

windows7-x64

1

AsyncRAT/P...er.dll

windows10-2004-x64

1

AsyncRAT/P...er.dll

windows7-x64

1

AsyncRAT/P...er.dll

windows10-2004-x64

1

AsyncRAT/P...us.dll

windows7-x64

1

AsyncRAT/P...us.dll

windows10-2004-x64

1

AsyncRAT/P...ns.dll

windows7-x64

1

AsyncRAT/P...ns.dll

windows10-2004-x64

1

AsyncRAT/P...er.dll

windows7-x64

1

AsyncRAT/P...er.dll

windows10-2004-x64

1

AsyncRAT/P...ry.dll

windows7-x64

1

AsyncRAT/P...ry.dll

windows10-2004-x64

1

AsyncRAT/P...ra.dll

windows7-x64

1

AsyncRAT/P...ra.dll

windows10-2004-x64

1

AsyncRAT/P...op.dll

windows7-x64

1

AsyncRAT/P...op.dll

windows10-2004-x64

1

AsyncRAT/P...le.dll

windows7-x64

1

AsyncRAT/P...le.dll

windows10-2004-x64

1

AsyncRAT/P...ry.dll

windows7-x64

1

AsyncRAT/P...ry.dll

windows10-2004-x64

1

AsyncRAT/S...ub.exe

windows7-x64

10

AsyncRAT/S...ub.exe

windows10-2004-x64

10

Analysis

  • max time kernel
    70s
  • max time network
    72s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240802-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20240802-enlocale:en-usos:windows10-2004-x64system
  • submitted
    10-08-2024 22:09

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    AsyncRAT/Fixer.bat

  • Size

    141B

  • MD5

    52ab2690a33a51804764be81820504aa

  • SHA1

    36af53e8b27ea737c255402156c77c5f9be17aa0

  • SHA256

    5255fa89ba49c5f1f2c81d66d42e3b16305296945683954eab1492ed11b90b4c

  • SHA512

    95579203bd7e3f2104ad2f886b162f9938d6e371ba351b0b9c5fb5d3368d674f22f4c2ccc54aece5a9ab5f044ca9deeed63a4ad30ffd42787c54807c8396f21b

Score
5/10

Malware Config

Signatures

  • Drops file in System32 directory 12 IoCs
  • Suspicious use of WriteProcessMemory 2 IoCs

Processes

  • C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\AsyncRAT\Fixer.bat"
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:1436
    • C:\Windows\system32\lodctr.exe
      lodctr /r
      2⤵
      • Drops file in System32 directory
      PID:1080

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Windows\System32\perfc007.dat
    Filesize

    44KB

    MD5

    bc3d1639f16cb93350a76b95cd59108b

    SHA1

    47f1067b694967d71af236d5e33d31cb99741f4c

    SHA256

    004818827ecc581f75674919f4605d28eed27e3f2229ae051d6849129eef40e9

    SHA512

    fe44f3dbd009d932491af26c3615e616bc0042741dc3815ffb4d2b8d201efd8ab89f7cdd747406609393f005a596a6e9ea8e3f231bc150dc406c2adb8f806249

    Download Submit

  • C:\Windows\System32\perfc00A.dat
    Filesize

    51KB

    MD5

    70c7ba068b82106810720fdec5406762

    SHA1

    744c05ee14ea69e9706a07967b4ca1597298729d

    SHA256

    f3fccee564956fd81a1bba3477a18b04197bccf5efa057713c92a77b266c7b33

    SHA512

    14bb6e89946abcc10f640e2d553623b319c829e31ff872be0976c3d0419bc8ac656e4774333d4040df9507f064e9f92347677f4b20c66317fffaabed5bb1c4b4

    Download Submit

  • C:\Windows\System32\perfc00C.dat
    Filesize

    47KB

    MD5

    391168ff06e8d68c7a6f90c1ccb088be

    SHA1

    c3f8c12481c9d3559e8df93ade8f5bfefd271627

    SHA256

    7f2847cbf10a70dec0bfb78ca1bf2e548caa8de43deb290cc21d4d1a47bd7525

    SHA512

    71fe34a07a2107c03fc4735ca78814adc1c55ee3362ce01d6b9983b0ac52315485135b58edecbcd67252c1e27a451138a765bdf3f746e1241834cf35106520c6

    Download Submit

  • C:\Windows\System32\perfc010.dat
    Filesize

    46KB

    MD5

    afc0429d5050b0057aea0a66a565c61a

    SHA1

    73f4910cee7b27a049d6dfe291bb6c8a99c6dc8b

    SHA256

    f6847323dd961aef9230bca3409a01b7c4e5e16dcca8a2e2417c9dc750871cf6

    SHA512

    a33920642f3ec69c04ff61b09149a57ea91e76bb8d51f1d393a31b5079a3f83939863d6a924bf2a2982786b2825bb634e3d0c0920c7bc0bf6a91e214ef8555bd

    Download Submit

  • C:\Windows\System32\perfc011.dat
    Filesize

    32KB

    MD5

    50681b748a019d0096b5df4ebe1eab74

    SHA1

    0fa741b445f16f05a1984813c7b07cc66097e180

    SHA256

    33295c7ee1b56a41e809432bc25dd745ba55b2dc91bfa97aa1f55156880cd71a

    SHA512

    568439b3547dcbcce28499d45663fdd0e2222f6c5c90053769ce2585f65721f679c071393328bde72c9a3f03da4c17abb84b8303897688b59598887ceb31438e

    Download Submit

  • C:\Windows\System32\perfh007.dat
    Filesize

    307KB

    MD5

    312d855b1d95ae830e067657cffdd28c

    SHA1

    8133c02adeae24916fa9c53e52b3bfe66ac3d5a3

    SHA256

    ca3f8056e3e2378509ab24f8b8471e5fccac403a5413be518ac35bbb42a2e2cf

    SHA512

    f25c1a81a582a2a5e3142bd97f425c6ee5c26f878b1155232002fff1e4a3528bc371fb962da256c281e05c6c537160a4f48e00ea1fcf3e9887097f8ca6ec2b14

    Download Submit

  • C:\Windows\System32\perfh009.dat
    Filesize

    310KB

    MD5

    1ad05e460c6fbb5f7b96e059a4ab6cef

    SHA1

    1c3e4e455fa0630aaa78a1d19537d5ff787960cf

    SHA256

    0ae16c72ca5301b0f817e69a4bac29157369ecfbadc6c13a5a37db5901238c71

    SHA512

    c608aa10b547003b25ff63bb1999a5fff0256aadd8b005fdd26569a9828d3591129a0f21c11ec8e5d5f390b11c49f2ef8a6e36375c9e13d547415e0ec97a398f

    Download Submit

  • C:\Windows\System32\perfh00A.dat
    Filesize

    360KB

    MD5

    1402add2a611322eb6f624705c8a9a4e

    SHA1

    d08b0b5e602d4587e534cf5e9c3d04c549a5aa47

    SHA256

    0ac43c8e77edb2c1468420653fc5d505b26cdc4da06c4121ce4bbecae561e6cb

    SHA512

    177d5ea7e77eee154042b5e064db67a5cac9435890a2ff65cd98da21433f4e7de743e9df22ac0ac61be89fc0be8655b46454ed4a930d13fc7c1dfebe5896781f

    Download Submit

  • C:\Windows\System32\perfh00C.dat
    Filesize

    363KB

    MD5

    d0a8d13996333367f0e1721ca8658e00

    SHA1

    f48f432c5a0d3c425961e6ed6291ddb0f4b5a116

    SHA256

    68a7924621a0fbc13d0ea151617d13732a991cef944aae67d44fc030740a82e9

    SHA512

    8a68c62b5fc983975d010ae6504a1cbfdf34d5656e3277d9a09eb92929e201e27ca7bd2030740c8240a4afd56af57c223b4fd6de193bedf84ac7238777310de4

    Download Submit

  • C:\Windows\System32\perfh010.dat
    Filesize

    353KB

    MD5

    a5389200f9bbc7be1276d74ccd2939b4

    SHA1

    8d6f17c7d36f686e727b6e7b3a62812297228943

    SHA256

    494db162e2ccd95e69404a34170b6e59847f444881834f3c175c6bc70d783087

    SHA512

    fc1d1e81362d186410b4af3d6add3c8b32fdd75ea79b7e868cc16615358264af04f47170229d32dffcbf7e1ba2b841ccd2d4f27b0f8d82a0685806c22d3d0a92

    Download Submit

  • C:\Windows\System32\perfh011.dat
    Filesize

    158KB

    MD5

    41f2dbe6f02b3bb9802d60f10b4ef7a2

    SHA1

    f1b03d28e5be3db3341f3a399d1cc887fe8da794

    SHA256

    eca01d5405d7e8af92ea60f888f891415ea2e1e6484caff15cbaf5a645700db2

    SHA512

    1c7b85e12050d670d48121e7670e1dab787e0a0b134e0ab314dc571c3969d0f9652ff76666bb433aac5886ca532404963a3041a1d4b4352e3051c838965fd3b1

    Download Submit