asyncrat | 0e19cefba973323c234322452dfd04e318f14809375090b4f6ab39282f6ba07e

Analysis

max time kernel
147s
max time network
149s
platform
windows11-21h2_x64
resource
win11-20241007-en
resource tags

arch:x64arch:x86image:win11-20241007-enlocale:en-usos:windows11-21h2-x64system
submitted
12-10-2024 07:49

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

Stub.exe
Size

38KB
MD5

f76702fa423ce2b2b4b0fdcf547b0789
SHA1

ea408a4419e8a3139ef14df987608964c12d3190
SHA256

0e19cefba973323c234322452dfd04e318f14809375090b4f6ab39282f6ba07e
SHA512

03c7d8814687bb4f11ac41a555f368d89d5be749c92624073b77da0e57d872df201f2657b180ad0c9d5bc9ffa0a85989bf31374c7e5deefa06cf36bce3697971
SSDEEP

768:9Xaug0LrCc4d7VtOjkR26/XgNhKwEuyj67zACVyI1rXDjkY5Z07:dafSuVtOGfgTKwt3Nk7

Score

10^/10

asyncrat discovery rat

Malware Config

Signatures

AsyncRat
AsyncRAT is designed to remotely monitor and control other computers written in C#.
rat asyncrat
Program crash 1 IoCs

Processes:

WerFault.exe

pid pid_target process target process

5228 2888 WerFault.exe Stub.exe
System Location Discovery: System Language Discovery 1 TTPs 1 IoCs
Attempt gather information about the system language of a victim in order to infer the geographical location of that host.
discovery

System Language Discovery
T1614.001

Processes:

Stub.exe

description ioc process

Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language Stub.exe

pid	pid_target	process	target process
5228	2888	WerFault.exe	Stub.exe

description	ioc	process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Stub.exe

C:\Users\Admin\AppData\Local\Temp\Stub.exe
"C:\Users\Admin\AppData\Local\Temp\Stub.exe"
1⤵
- System Location Discovery: System Language Discovery
PID:2888

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2888 -s 756
2⤵
- Program crash
PID:5228

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 408 -p 2888 -ip 2888
1⤵
PID:4680

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

memory/2888-0-0x00000000744BE000-0x00000000744BF000-memory.dmp

Filesize
4KB

Download
memory/2888-1-0x0000000000C10000-0x0000000000C20000-memory.dmp

Filesize
64KB

Download