asyncrat | a0391e7daabf5879dfd6197d12da795b2b28e3c3956fbe77cfa1c1e1491b6e27

Analysis

max time kernel
118s
max time network
119s
platform
windows10-2004_x64
resource
win10v2004-20241007-en
resource tags

arch:x64arch:x86image:win10v2004-20241007-enlocale:en-usos:windows10-2004-x64system
submitted
16/01/2025, 21:54

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

a0391e7daabf5879dfd6197d12da795b2b28e3c3956fbe77cfa1c1e1491b6e27N.exe
Size

47KB
MD5

9c03fae3695a2c2730e98ae9a613d8b0
SHA1

e9de103a060d1fd4af17008473e2bad7bffbe498
SHA256

a0391e7daabf5879dfd6197d12da795b2b28e3c3956fbe77cfa1c1e1491b6e27
SHA512

818bb3474d43284991ea040e4f5754dd3ee9edf5b6a317859385250c40eb5053a9132ecef3688cb17e490d5637facc2ca812b9b01f715e13ecf6adc89b715fc4
SSDEEP

768:60ORLQlmfJfgEEdaKnSL79nXIhJwq24HlHvKNu9k0A3whM80rZsd7/lZVc6KNc:HcLQlmfbCeegqxHb9s3Mvqs9/lZVclNc

Score

10^/10

asyncrat gdfjbxc9as rat

Malware Config

Extracted

Family

asyncrat

Version

1.0.7

Botnet

GDFjbxc9as

Mutex

Gx0edRwRzsDs0gzwQ

Attributes

delay
1
install
false
install_file
GoogleUpdates.exe
install_folder
%AppData%
pastebin_config
https://pastebin.com/raw/QLnQD5yh

aes.plain

Signatures

AsyncRat
AsyncRAT is designed to remotely monitor and control other computers written in C#.
rat asyncrat
Asyncrat family
asyncrat

Legitimate hosting services abused for malware hosting/C2 1 TTPs 23 IoCs

Web Service

T1102

flow	ioc
47	pastebin.com
51	pastebin.com
52	pastebin.com
54	pastebin.com
63	pastebin.com
64	pastebin.com
44	pastebin.com
28	pastebin.com
58	pastebin.com
12	pastebin.com
37	pastebin.com
45	pastebin.com
46	pastebin.com
55	pastebin.com
61	pastebin.com
21	pastebin.com
17	pastebin.com
18	pastebin.com
23	pastebin.com
43	pastebin.com
53	pastebin.com
62	pastebin.com
13	pastebin.com

Suspicious use of AdjustPrivilegeToken 1 IoCs

description	pid	Process
Token: SeDebugPrivilege	4700	a0391e7daabf5879dfd6197d12da795b2b28e3c3956fbe77cfa1c1e1491b6e27N.exe

C:\Users\Admin\AppData\Local\Temp\a0391e7daabf5879dfd6197d12da795b2b28e3c3956fbe77cfa1c1e1491b6e27N.exe
"C:\Users\Admin\AppData\Local\Temp\a0391e7daabf5879dfd6197d12da795b2b28e3c3956fbe77cfa1c1e1491b6e27N.exe"
1⤵
- Suspicious use of AdjustPrivilegeToken
PID:4700

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Web Service

T1102

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

memory/4700-0-0x00007FF976223000-0x00007FF976225000-memory.dmp

Filesize
8KB

Download
memory/4700-1-0x0000000000C10000-0x0000000000C22000-memory.dmp

Filesize
72KB

Download
memory/4700-2-0x00007FF976220000-0x00007FF976CE1000-memory.dmp

Filesize
10.8MB

Download
memory/4700-3-0x00007FF976223000-0x00007FF976225000-memory.dmp

Filesize
8KB

Download
memory/4700-4-0x00007FF976220000-0x00007FF976CE1000-memory.dmp

Filesize
10.8MB

Download