asyncrat | 485988e4c73c97259975c805dd8798248938b2b8d284768844bbcf0602c8da99

Analysis

max time kernel
150s
max time network
150s
platform
windows10-ltsc 2021_x64
resource
win10ltsc2021-20241023-en
resource tags

arch:x64arch:x86image:win10ltsc2021-20241023-enlocale:en-usos:windows10-ltsc 2021-x64system
submitted
27-11-2024 01:25

Target

Infected.exe
Size

63KB
MD5

154f59f757ea25b0fb65f326abafc16f
SHA1

f0ac6d75d611300664b003305d34713caf24a072
SHA256

485988e4c73c97259975c805dd8798248938b2b8d284768844bbcf0602c8da99
SHA512

74e266000e6bb385162c1ecccc0c0dec09011a887a7333a7984941f79d6a71ac0c23c33dc5cafd5181864a57370a059ef66584dcce3cb33ee521f14e197e4579
SSDEEP

768:Qv0M2UM/978aQC8A+XjlazcBRL5JTk1+T4KSBGHmDbD/ph0oXj/liWwDaSu0dpqM:b1/k/dSJYUbdh95iWwDNu0dpqKmY7

Score

10^/10

Family

asyncrat

Botnet

Default

p-surplus.gl.at.ply.gg:7938

Attributes

aes.plain

AsyncRat
AsyncRAT is designed to remotely monitor and control other computers written in C#.
rat asyncrat
Asyncrat family
asyncrat

Suspicious behavior: EnumeratesProcesses 64 IoCs

Suspicious use of AdjustPrivilegeToken 1 IoCs

description	pid	Process
Token: SeDebugPrivilege	4080	Infected.exe

memory/4080-0-0x00007FF937883000-0x00007FF937885000-memory.dmp

Filesize
8KB

Download
memory/4080-1-0x0000000000530000-0x0000000000546000-memory.dmp

Filesize
88KB

Download
memory/4080-2-0x00007FF937880000-0x00007FF938342000-memory.dmp

Filesize
10.8MB

Download
memory/4080-3-0x00007FF937880000-0x00007FF938342000-memory.dmp

Filesize
10.8MB

Download
memory/4080-4-0x00007FF937883000-0x00007FF937885000-memory.dmp

Filesize
8KB

Download
memory/4080-5-0x00007FF937880000-0x00007FF938342000-memory.dmp

Filesize
10.8MB

Download
memory/4080-6-0x00007FF937880000-0x00007FF938342000-memory.dmp

Filesize
10.8MB

Download