asyncrat | bc48b3506a5e5fcaeb79b4a40afabb2e5405318ccb23d465c193e54ac8374881

Analysis

max time kernel
117s
max time network
118s
platform
windows7_x64
resource
win7-20240903-en
resource tags

arch:x64arch:x86image:win7-20240903-enlocale:en-usos:windows7-x64system
submitted
20-10-2024 01:39

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

bc48b3506a5e5fcaeb79b4a40afabb2e5405318ccb23d465c193e54ac8374881.exe
Size

240KB
MD5

548fa8f694ed1c25c219d93748fb856b
SHA1

e28cbba300e7381a8cc4e548cae6b73c78f939ad
SHA256

bc48b3506a5e5fcaeb79b4a40afabb2e5405318ccb23d465c193e54ac8374881
SHA512

856e8693cf4da203450fc0723a5d51ef0e309629a2101d588d0f00ac8c0368ea8f631dd8cff928cb5311397249db3f6024b6e939a70d9c9b809450ffd54f2da3
SSDEEP

3072:Z/0EX0X/E4r7cu1sF2OhY2czT81/SGZ1s+FWSBz65/M6If+3Js+3JFkKeTn5Nz:N000vXrDsF2MY2cnMVPFWSxBt25i

Score

10^/10

asyncrat default rat

Malware Config

Extracted

Family

asyncrat

Version

0.5.8

Botnet

Default

54.253.7.109:4447

Mutex

d5svw6kxmeIc

Attributes

delay
19
install
false
install_file
service.exe
install_folder
%AppData%

aes.plain

Signatures

AsyncRat
AsyncRAT is designed to remotely monitor and control other computers written in C#.
rat asyncrat

Async RAT payload 1 IoCs

rat

Processes:

resource	yara_rule
behavioral1/memory/2644-263-0x0000000000970000-0x0000000000982000-memory.dmp	family_asyncrat

C:\Users\Admin\AppData\Local\Temp\bc48b3506a5e5fcaeb79b4a40afabb2e5405318ccb23d465c193e54ac8374881.exe
"C:\Users\Admin\AppData\Local\Temp\bc48b3506a5e5fcaeb79b4a40afabb2e5405318ccb23d465c193e54ac8374881.exe"
1⤵
PID:2644

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
4614eb446a7a05cf7b283ca405843ab9

SHA1
26d84deb18b9d25f62b4ca8bf3d33f168ff8acb8

SHA256
0290a1f0602854e177a45e5f62839056d32f81df92d796caa0c3a6a95310af74

SHA512
c0390f76afe0a44e7a9daf61ee40d5f161f2566a8092d5f30e5d35417ee998df9e51f62bc33ef2e47b0d86b31aa07a618b575245e11e8df4f56f41376f49994f

Download Submit
C:\Users\Admin\AppData\Local\Temp\CabF9DB.tmp

Filesize
70KB

MD5
49aebf8cbd62d92ac215b2923fb1b9f5

SHA1
1723be06719828dda65ad804298d0431f6aff976

SHA256
b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f

SHA512
bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b

Download Submit
C:\Users\Admin\AppData\Local\Temp\TarF9FD.tmp

Filesize
181KB

MD5
4ea6026cf93ec6338144661bf1202cd1

SHA1
a1dec9044f750ad887935a01430bf49322fbdcb7

SHA256
8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8

SHA512
6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b

Download Submit
memory/2644-0-0x000007FEF64CE000-0x000007FEF64CF000-memory.dmp

Filesize
4KB

Download
memory/2644-29-0x000007FEF6210000-0x000007FEF6BAD000-memory.dmp

Filesize
9.6MB

Download
memory/2644-261-0x0000000001F90000-0x0000000001FCE000-memory.dmp

Filesize
248KB

Download
memory/2644-262-0x0000000000990000-0x0000000000996000-memory.dmp

Filesize
24KB

Download
memory/2644-263-0x0000000000970000-0x0000000000982000-memory.dmp

Filesize
72KB

Download
memory/2644-264-0x000007FEF6210000-0x000007FEF6BAD000-memory.dmp

Filesize
9.6MB

Download
memory/2644-265-0x000007FEF64CE000-0x000007FEF64CF000-memory.dmp

Filesize
4KB

Download