asyncrat | 1ca5b9398a15b5066cee6ad42de5266dfcfdb0fc1a98bba49e1594c3fc07b7d9

Analysis

max time kernel
132s
max time network
145s
platform
windows7_x64
resource
win7-20240903-en
resource tags

arch:x64arch:x86image:win7-20240903-enlocale:en-usos:windows7-x64system
submitted
02/12/2024, 14:22

Target

2024-03-14-AsyncRAT-EXE-extracted-from-process-memory-2-of-2.exe
Size

64KB
MD5

51137b7b5df4c93e29670d57b2d93a94
SHA1

3f1adafe5801adcca2cdc514d0c5fd7cdc54959a
SHA256

1ca5b9398a15b5066cee6ad42de5266dfcfdb0fc1a98bba49e1594c3fc07b7d9
SHA512

dd1a67ed091e1a6245019f54dab4756991210fa0c4d8c9f458c4ee6fd48534fbdd2dd8b5185d34b5418bfe431d87715ac835471dc6a0d1c4c2659dd7eb3776be
SSDEEP

1536:3vCCPT+z8XWpTW8uYUbHh9zugdpqKmY7:3vvyzpTWxYUbH9Gz

Score

10^/10

Family

asyncrat

Botnet

Default

91.92.252.234:3232

Attributes

aes.plain

AsyncRat
AsyncRAT is designed to remotely monitor and control other computers written in C#.
rat asyncrat
Asyncrat family
asyncrat

Suspicious use of AdjustPrivilegeToken 1 IoCs

description	pid	Process
Token: SeDebugPrivilege	2136	2024-03-14-AsyncRAT-EXE-extracted-from-process-memory-2-of-2.exe

C:\Users\Admin\AppData\Local\Temp\2024-03-14-AsyncRAT-EXE-extracted-from-process-memory-2-of-2.exe
"C:\Users\Admin\AppData\Local\Temp\2024-03-14-AsyncRAT-EXE-extracted-from-process-memory-2-of-2.exe"
1⤵
- Suspicious use of AdjustPrivilegeToken
PID:2136

memory/2136-0-0x000007FEF5B03000-0x000007FEF5B04000-memory.dmp

Filesize
4KB

Download
memory/2136-1-0x00000000012F0000-0x0000000001306000-memory.dmp

Filesize
88KB

Download
memory/2136-2-0x000007FEF5B00000-0x000007FEF64EC000-memory.dmp

Filesize
9.9MB

Download
memory/2136-3-0x000007FEF5B00000-0x000007FEF64EC000-memory.dmp

Filesize
9.9MB

Download
memory/2136-4-0x000007FEF5B03000-0x000007FEF5B04000-memory.dmp

Filesize
4KB

Download
memory/2136-5-0x000007FEF5B00000-0x000007FEF64EC000-memory.dmp

Filesize
9.9MB

Download