asyncrat | efd0b60d95cc2ab93e3a8c0379abb8bf8cc2e4fc51cb5dace11bcd695accd4f5

Analysis

max time kernel
139s
max time network
149s
platform
windows10-2004_x64
resource
win10v2004-20240802-en
resource tags

arch:x64arch:x86image:win10v2004-20240802-enlocale:en-usos:windows10-2004-x64system
submitted
11-08-2024 06:59

Target

77c3e75b0a76cb3deb940bcb38486568.exe
Size

63KB
MD5

77c3e75b0a76cb3deb940bcb38486568
SHA1

80282f7cea966f51f1c261ce2d35d76da017e84a
SHA256

efd0b60d95cc2ab93e3a8c0379abb8bf8cc2e4fc51cb5dace11bcd695accd4f5
SHA512

068509bf328a063d16a4702e3f31430df64319164bffd3628aec25c04d9e05e1f199fd584fe4fb5a3ee5c716aece9791005e1add2ee9c02acc3c017e652bed70
SSDEEP

1536:SEXi4PmntF92/QYUbyq9RcO3euUdpqKmY7:SZ+mntaYYUbymcrGz

Score

10^/10

Family

asyncrat

Botnet

Default

add-parker.gl.at.ply.gg:3232

Attributes

aes.plain

AsyncRat
AsyncRAT is designed to remotely monitor and control other computers written in C#.
rat asyncrat

Suspicious use of AdjustPrivilegeToken 1 IoCs

description	pid	Process
Token: SeDebugPrivilege	2104	77c3e75b0a76cb3deb940bcb38486568.exe

C:\Users\Admin\AppData\Local\Temp\77c3e75b0a76cb3deb940bcb38486568.exe
"C:\Users\Admin\AppData\Local\Temp\77c3e75b0a76cb3deb940bcb38486568.exe"
1⤵
- Suspicious use of AdjustPrivilegeToken
PID:2104

memory/2104-1-0x0000000000390000-0x00000000003A6000-memory.dmp

Filesize
88KB

Download
memory/2104-0-0x00007FFCEFC63000-0x00007FFCEFC65000-memory.dmp

Filesize
8KB

Download
memory/2104-2-0x00007FFCEFC60000-0x00007FFCF0721000-memory.dmp

Filesize
10.8MB

Download
memory/2104-3-0x00007FFCEFC60000-0x00007FFCF0721000-memory.dmp

Filesize
10.8MB

Download
memory/2104-4-0x00007FFCEFC60000-0x00007FFCF0721000-memory.dmp

Filesize
10.8MB

Download