Overview

overview

10

Static

static

1

bc48b3506a...81.exe

windows7-x64

10

bc48b3506a...81.exe

windows10-2004-x64

10

Analysis

  • max time kernel
    149s
  • max time network
    150s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20241007-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20241007-enlocale:en-usos:windows10-2004-x64system
  • submitted
    20-10-2024 01:39

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    bc48b3506a5e5fcaeb79b4a40afabb2e5405318ccb23d465c193e54ac8374881.exe

  • Size

    240KB

  • MD5

    548fa8f694ed1c25c219d93748fb856b

  • SHA1

    e28cbba300e7381a8cc4e548cae6b73c78f939ad

  • SHA256

    bc48b3506a5e5fcaeb79b4a40afabb2e5405318ccb23d465c193e54ac8374881

  • SHA512

    856e8693cf4da203450fc0723a5d51ef0e309629a2101d588d0f00ac8c0368ea8f631dd8cff928cb5311397249db3f6024b6e939a70d9c9b809450ffd54f2da3

  • SSDEEP

    3072:Z/0EX0X/E4r7cu1sF2OhY2czT81/SGZ1s+FWSBz65/M6If+3Js+3JFkKeTn5Nz:N000vXrDsF2MY2cnMVPFWSxBt25i

Score
10/10
asyncratdefaultrat

Malware Config

Extracted

Family

asyncrat

Version

0.5.8

Botnet

Default

C2

54.253.7.109:4447

Mutex

d5svw6kxmeIc

Attributes
  • delay

    19

  • install

    false

  • install_file

    service.exe

  • install_folder

    %AppData%

aes.plain

Signatures

  • AsyncRat

    AsyncRAT is designed to remotely monitor and control other computers written in C#.

    ratasyncrat
  • Async RAT payload 1 IoCs
    rat

Processes

  • C:\Users\Admin\AppData\Local\Temp\bc48b3506a5e5fcaeb79b4a40afabb2e5405318ccb23d465c193e54ac8374881.exe
    "C:\Users\Admin\AppData\Local\Temp\bc48b3506a5e5fcaeb79b4a40afabb2e5405318ccb23d465c193e54ac8374881.exe"
    1⤵
      PID:4280

    Network

    MITRE ATT&CK Matrix

    Replay Monitor

    Loading Replay Monitor...

    Downloads

    • memory/4280-0-0x00007FF85E795000-0x00007FF85E796000-memory.dmp

      Filesize

      4KB

      Download

    • memory/4280-1-0x00007FF85E4E0000-0x00007FF85EE81000-memory.dmp

      Filesize

      9.6MB

      Download

    • memory/4280-2-0x00007FF85E4E0000-0x00007FF85EE81000-memory.dmp

      Filesize

      9.6MB

      Download

    • memory/4280-5-0x0000000001790000-0x00000000017CE000-memory.dmp

      Filesize

      248KB

      Download

    • memory/4280-6-0x000000001C4D0000-0x000000001C576000-memory.dmp

      Filesize

      664KB

      Download

    • memory/4280-7-0x000000001CB30000-0x000000001CFFE000-memory.dmp

      Filesize

      4.8MB

      Download

    • memory/4280-8-0x000000001D000000-0x000000001D09C000-memory.dmp

      Filesize

      624KB

      Download

    • memory/4280-9-0x000000001C1A0000-0x000000001C1A6000-memory.dmp

      Filesize

      24KB

      Download

    • memory/4280-10-0x00000000017E0000-0x00000000017E8000-memory.dmp

      Filesize

      32KB

      Download

    • memory/4280-11-0x000000001D440000-0x000000001D48C000-memory.dmp

      Filesize

      304KB

      Download

    • memory/4280-12-0x00000000017F0000-0x0000000001802000-memory.dmp

      Filesize

      72KB

      Download

    • memory/4280-13-0x00007FF85E4E0000-0x00007FF85EE81000-memory.dmp

      Filesize

      9.6MB

      Download

    • memory/4280-14-0x00007FF85E795000-0x00007FF85E796000-memory.dmp

      Filesize

      4KB

      Download

    • memory/4280-15-0x00007FF85E4E0000-0x00007FF85EE81000-memory.dmp

      Filesize

      9.6MB

      Download

    • memory/4280-16-0x00007FF85E4E0000-0x00007FF85EE81000-memory.dmp

      Filesize

      9.6MB

      Download

    • memory/4280-17-0x00007FF85E4E0000-0x00007FF85EE81000-memory.dmp

      Filesize

      9.6MB

      Download