asyncrat | 9ea1287b00a370153de5ee5ba19bf568a9b55b63ac4da4ac8ec755eb8c8e3ca5

Analysis

max time kernel
149s
max time network
150s
platform
windows10-2004_x64
resource
win10v2004-20241007-en
resource tags

arch:x64arch:x86image:win10v2004-20241007-enlocale:en-usos:windows10-2004-x64system
submitted
23-12-2024 06:03

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

rbot.exe
Size

74KB
MD5

d3e25ac19ab764cb87aef7ce67421529
SHA1

57b7b67bb36dfc5fd0cc7dc2475acb89b6038a51
SHA256

9ea1287b00a370153de5ee5ba19bf568a9b55b63ac4da4ac8ec755eb8c8e3ca5
SHA512

394dce23cebdfaf889c643848093d4b21eb1cbcd108560a39241d796891ef4015b31e86f6f6b9525bd5f6f1856e55d3d7384ae5f07188ce5326d4e5077c56d20
SSDEEP

1536:LUk0cxVGlCBiPMVye9VdQuDI6H1bf/Q52+QdQzc+LVclN:LURcxVMWiPMVye9VdQsH1bfI5sQXBY

Score

10^/10

asyncrat default discovery rat

Malware Config

Extracted

Family

asyncrat

Version

Venom RAT + HVNC + Stealer + Grabber v6.0.3

Botnet

Default

Mutex

luiijmnzfd

Attributes

delay
1
install
false
install_folder
%AppData%
pastebin_config
https://pastebin.com/raw/RdDXA3cD

aes.plain

Signatures

AsyncRat
AsyncRAT is designed to remotely monitor and control other computers written in C#.
rat asyncrat
Asyncrat family
asyncrat
Checks installed software on the system 1 TTPs
Looks up Uninstall key entries in the registry to enumerate software on the system.
discovery

Query Registry
T1012

Legitimate hosting services abused for malware hosting/C2 1 TTPs 2 IoCs

Web Service

T1102

flow	ioc
12	pastebin.com
13	pastebin.com

Suspicious behavior: EnumeratesProcesses 3 IoCs

pid	Process
1716	rbot.exe
1716	rbot.exe
1716	rbot.exe

Suspicious use of AdjustPrivilegeToken 1 IoCs

description	pid	Process
Token: SeDebugPrivilege	1716	rbot.exe

Suspicious use of SetWindowsHookEx 1 IoCs

pid	Process
1716	rbot.exe

C:\Users\Admin\AppData\Local\Temp\rbot.exe
"C:\Users\Admin\AppData\Local\Temp\rbot.exe"
1⤵
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of SetWindowsHookEx
PID:1716

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

Lateral Movement

Collection

Command and Control

Web Service

T1102

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

memory/1716-0-0x00007FFFFEA73000-0x00007FFFFEA75000-memory.dmp

Filesize
8KB

Download
memory/1716-1-0x00000000005F0000-0x0000000000608000-memory.dmp

Filesize
96KB

Download
memory/1716-3-0x00007FFFFEA70000-0x00007FFFFF531000-memory.dmp

Filesize
10.8MB

Download
memory/1716-4-0x00007FFFFEA70000-0x00007FFFFF531000-memory.dmp

Filesize
10.8MB

Download
memory/1716-7-0x00007FFFFEA70000-0x00007FFFFF531000-memory.dmp

Filesize
10.8MB

Download
memory/1716-8-0x00007FFFFEA70000-0x00007FFFFF531000-memory.dmp

Filesize
10.8MB

Download
memory/1716-10-0x00007FFFFEA73000-0x00007FFFFEA75000-memory.dmp

Filesize
8KB

Download
memory/1716-11-0x00007FFFFEA70000-0x00007FFFFF531000-memory.dmp

Filesize
10.8MB

Download
memory/1716-12-0x00007FFFFEA70000-0x00007FFFFF531000-memory.dmp

Filesize
10.8MB

Download
memory/1716-13-0x00007FFFFEA70000-0x00007FFFFF531000-memory.dmp

Filesize
10.8MB

Download
memory/1716-14-0x00007FFFFEA70000-0x00007FFFFF531000-memory.dmp

Filesize
10.8MB

Download