asyncrat | f281ee063206b48d5fcf7bc5e87427653a3882c403486c1ec25b4b937e167d27

Analysis

max time kernel
149s
max time network
147s
platform
windows10-2004_x64
resource
win10v2004-20241007-en
resource tags

arch:x64arch:x86image:win10v2004-20241007-enlocale:en-usos:windows10-2004-x64system
submitted
31-12-2024 12:41

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

f281ee063206b48d5fcf7bc5e87427653a3882c403486c1ec25b4b937e167d27.exe
Size

101KB
MD5

a1fe7a12cb417958f64b2a7486d23337
SHA1

bc88d369bb44e96eefad961260d8f5ed56f21d31
SHA256

f281ee063206b48d5fcf7bc5e87427653a3882c403486c1ec25b4b937e167d27
SHA512

5785cec36f07903239c530b15012de3f7707a471f039056aa2e8a425f620183a3988ec493ae805f45d85278b0f89dc39f5888e960dfce76007cd495cc0cf665f
SSDEEP

3072:LU5cxwf3iPMVDe9VdQsH1bf4DmpQbl9m0EARiBY:Lw3iPMVDaesVb+mpH0Zw

Score

10^/10

asyncrat default rat

Malware Config

Extracted

Family

asyncrat

Botnet

Default

127.0.0.1:4449

127.0.0.1:8080

127.0.0.1:41232

panel.zikq-shmily.com:4449

panel.zikq-shmily.com:8080

panel.zikq-shmily.com:41232

Mutex

mdhfyafeuhum

Attributes

delay
1
install
false
install_folder
%AppData%

aes.plain

Signatures

AsyncRat
AsyncRAT is designed to remotely monitor and control other computers written in C#.
rat asyncrat
Asyncrat family
asyncrat

Suspicious behavior: EnumeratesProcesses 31 IoCs

pid	Process
3132	f281ee063206b48d5fcf7bc5e87427653a3882c403486c1ec25b4b937e167d27.exe
3132	f281ee063206b48d5fcf7bc5e87427653a3882c403486c1ec25b4b937e167d27.exe
3132	f281ee063206b48d5fcf7bc5e87427653a3882c403486c1ec25b4b937e167d27.exe
3132	f281ee063206b48d5fcf7bc5e87427653a3882c403486c1ec25b4b937e167d27.exe
3132	f281ee063206b48d5fcf7bc5e87427653a3882c403486c1ec25b4b937e167d27.exe
3132	f281ee063206b48d5fcf7bc5e87427653a3882c403486c1ec25b4b937e167d27.exe
3132	f281ee063206b48d5fcf7bc5e87427653a3882c403486c1ec25b4b937e167d27.exe
3132	f281ee063206b48d5fcf7bc5e87427653a3882c403486c1ec25b4b937e167d27.exe
3132	f281ee063206b48d5fcf7bc5e87427653a3882c403486c1ec25b4b937e167d27.exe
3132	f281ee063206b48d5fcf7bc5e87427653a3882c403486c1ec25b4b937e167d27.exe
3132	f281ee063206b48d5fcf7bc5e87427653a3882c403486c1ec25b4b937e167d27.exe
3132	f281ee063206b48d5fcf7bc5e87427653a3882c403486c1ec25b4b937e167d27.exe
3132	f281ee063206b48d5fcf7bc5e87427653a3882c403486c1ec25b4b937e167d27.exe
3132	f281ee063206b48d5fcf7bc5e87427653a3882c403486c1ec25b4b937e167d27.exe
3132	f281ee063206b48d5fcf7bc5e87427653a3882c403486c1ec25b4b937e167d27.exe
3132	f281ee063206b48d5fcf7bc5e87427653a3882c403486c1ec25b4b937e167d27.exe
3132	f281ee063206b48d5fcf7bc5e87427653a3882c403486c1ec25b4b937e167d27.exe
3132	f281ee063206b48d5fcf7bc5e87427653a3882c403486c1ec25b4b937e167d27.exe
3132	f281ee063206b48d5fcf7bc5e87427653a3882c403486c1ec25b4b937e167d27.exe
3132	f281ee063206b48d5fcf7bc5e87427653a3882c403486c1ec25b4b937e167d27.exe
3132	f281ee063206b48d5fcf7bc5e87427653a3882c403486c1ec25b4b937e167d27.exe
3132	f281ee063206b48d5fcf7bc5e87427653a3882c403486c1ec25b4b937e167d27.exe
3132	f281ee063206b48d5fcf7bc5e87427653a3882c403486c1ec25b4b937e167d27.exe
3132	f281ee063206b48d5fcf7bc5e87427653a3882c403486c1ec25b4b937e167d27.exe
3132	f281ee063206b48d5fcf7bc5e87427653a3882c403486c1ec25b4b937e167d27.exe
3132	f281ee063206b48d5fcf7bc5e87427653a3882c403486c1ec25b4b937e167d27.exe
3132	f281ee063206b48d5fcf7bc5e87427653a3882c403486c1ec25b4b937e167d27.exe
3132	f281ee063206b48d5fcf7bc5e87427653a3882c403486c1ec25b4b937e167d27.exe
3132	f281ee063206b48d5fcf7bc5e87427653a3882c403486c1ec25b4b937e167d27.exe
3132	f281ee063206b48d5fcf7bc5e87427653a3882c403486c1ec25b4b937e167d27.exe
3132	f281ee063206b48d5fcf7bc5e87427653a3882c403486c1ec25b4b937e167d27.exe

Suspicious use of AdjustPrivilegeToken 1 IoCs

description	pid	Process
Token: SeDebugPrivilege	3132	f281ee063206b48d5fcf7bc5e87427653a3882c403486c1ec25b4b937e167d27.exe

Suspicious use of SetWindowsHookEx 1 IoCs

pid	Process
3132	f281ee063206b48d5fcf7bc5e87427653a3882c403486c1ec25b4b937e167d27.exe

C:\Users\Admin\AppData\Local\Temp\f281ee063206b48d5fcf7bc5e87427653a3882c403486c1ec25b4b937e167d27.exe
"C:\Users\Admin\AppData\Local\Temp\f281ee063206b48d5fcf7bc5e87427653a3882c403486c1ec25b4b937e167d27.exe"
1⤵
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of SetWindowsHookEx
PID:3132

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/3132-0-0x00007FFC50C43000-0x00007FFC50C45000-memory.dmp

Filesize
8KB

Download
memory/3132-1-0x0000000000C00000-0x0000000000C1E000-memory.dmp

Filesize
120KB

Download
memory/3132-3-0x00007FFC50C40000-0x00007FFC51701000-memory.dmp

Filesize
10.8MB

Download
memory/3132-4-0x00007FFC50C40000-0x00007FFC51701000-memory.dmp

Filesize
10.8MB

Download
memory/3132-5-0x00007FFC50C43000-0x00007FFC50C45000-memory.dmp

Filesize
8KB

Download
memory/3132-6-0x00007FFC50C40000-0x00007FFC51701000-memory.dmp

Filesize
10.8MB

Download
memory/3132-7-0x00007FFC50C40000-0x00007FFC51701000-memory.dmp

Filesize
10.8MB

Download