Overview

overview

10

Static

static

10

Async_RAT_...on.rar

windows7-x64

1

Async_RAT_...on.rar

windows10-2004-x64

7

Async RAT ...AT.exe

windows7-x64

1

Async RAT ...AT.exe

windows10-2004-x64

1

Async RAT ...xe.xml

windows7-x64

3

Async RAT ...xe.xml

windows10-2004-x64

1

Async RAT ...ox.xml

windows7-x64

3

Async RAT ...ox.xml

windows10-2004-x64

1

Async RAT ...at.dll

windows7-x64

1

Async RAT ...at.dll

windows10-2004-x64

1

Async RAT ...ra.dll

windows7-x64

1

Async RAT ...ra.dll

windows10-2004-x64

1

Async RAT ...er.dll

windows7-x64

1

Async RAT ...er.dll

windows10-2004-x64

1

Async RAT ...er.dll

windows7-x64

1

Async RAT ...er.dll

windows10-2004-x64

1

Async RAT ...er.dll

windows7-x64

1

Async RAT ...er.dll

windows10-2004-x64

1

Async RAT ...us.dll

windows7-x64

1

Async RAT ...us.dll

windows10-2004-x64

1

Async RAT ...on.xml

windows7-x64

3

Async RAT ...on.xml

windows10-2004-x64

1

Async RAT ...ns.dll

windows7-x64

1

Async RAT ...ns.dll

windows10-2004-x64

1

Async RAT ...er.dll

windows7-x64

1

Async RAT ...er.dll

windows10-2004-x64

1

Async RAT ...ry.dll

windows7-x64

1

Async RAT ...ry.dll

windows10-2004-x64

1

Async RAT ...ra.dll

windows7-x64

1

Async RAT ...ra.dll

windows10-2004-x64

1

Async RAT ...op.dll

windows7-x64

1

Async RAT ...op.dll

windows10-2004-x64

1

Resubmissions

22/01/2025, 03:19

250122-dvay4avrat 10

22/01/2025, 03:06

250122-dlynssvmhx 10

22/01/2025, 02:59

250122-dg5xbavldv 10

Analysis

  • max time kernel
    345s
  • max time network
    314s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20241007-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20241007-enlocale:en-usos:windows10-2004-x64system
  • submitted
    22/01/2025, 02:59

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    Async_RAT_v0.5.8_Turkce_Versiyon.rar

  • Size

    6.7MB

  • MD5

    e84d6fd96d14438722766005508fccc8

  • SHA1

    78d566c436d516365444a0bc57837e9e27a2162c

  • SHA256

    ef047ee404b42840a4094dd67ca0330a1623724dc537fbe84fe52c2111633141

  • SHA512

    1df3101f93476cba86b2b4019c4705e3320b0debc206fc62fd47bcee907de4e5390eaf8e06b95ad4927eb92692b9dd5f96130e9ac226be00b9a89e819e288be8

  • SSDEEP

    196608:aD8RRxdOGw+3z4Wvkwabq3y3+YRCUFQEwDwOhR7tqbF:BvkTq3aQUhwDfhbqbF

Score
7/10

Malware Config

Signatures

  • Executes dropped EXE 1 IoCs
  • Suspicious behavior: EnumeratesProcesses 27 IoCs
  • Suspicious behavior: GetForegroundWindowSpam 1 IoCs
  • Suspicious use of AdjustPrivilegeToken 4 IoCs
  • Suspicious use of FindShellTrayWindow 3 IoCs
  • Suspicious use of SendNotifyMessage 1 IoCs

Processes

  • C:\Program Files\7-Zip\7zFM.exe
    "C:\Program Files\7-Zip\7zFM.exe" "C:\Users\Admin\AppData\Local\Temp\Async_RAT_v0.5.8_Turkce_Versiyon.rar"
    1⤵
    • Suspicious behavior: GetForegroundWindowSpam
    • Suspicious use of AdjustPrivilegeToken
    • Suspicious use of FindShellTrayWindow
    PID:2012
  • C:\Windows\System32\rundll32.exe
    C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
    1⤵
      PID:4532
    • C:\Users\Admin\Desktop\Async RAT v0.5.8 Türkçe Versiyon\AsyncRAT.exe
      "C:\Users\Admin\Desktop\Async RAT v0.5.8 Türkçe Versiyon\AsyncRAT.exe"
      1⤵
      • Executes dropped EXE
      • Suspicious behavior: EnumeratesProcesses
      • Suspicious use of AdjustPrivilegeToken
      • Suspicious use of FindShellTrayWindow
      • Suspicious use of SendNotifyMessage
      PID:1632
    • C:\Windows\system32\wbem\WmiApSrv.exe
      C:\Windows\system32\wbem\WmiApSrv.exe
      1⤵
        PID:4456

      Network

      MITRE ATT&CK Matrix

      Replay Monitor

      Loading Replay Monitor...

      Downloads

      • C:\Users\Admin\Desktop\Async RAT v0.5.8 Türkçe Versiyon\AsyncRAT.exe
        Filesize

        6.6MB

        MD5

        d9b0dd1451164fe93b0161d8a324e5ef

        SHA1

        727956da8202910e55a856232886587fda7bd327

        SHA256

        c49408393db15b24a5df9bcb194a50d646698d2c5ffa326c15e68db08a5f2a79

        SHA512

        7c73bce623bc727530be91697d5d919f5c65d9908b8108e694bfc0cf140d65b10d2f0d035e1b5ab64e36bc441f39167bee40b4573edeac2420904795d108fa3d

        Download Submit

      • C:\Users\Admin\Desktop\Async RAT v0.5.8 Türkçe Versiyon\AsyncRAT.exe.config
        Filesize

        5KB

        MD5

        4b75a90ebd1ad017f1b14c08c44d0a72

        SHA1

        196d635d75d25c68c1b9adf7e81761f9763ebaaa

        SHA256

        8dbe1462d5e9dfcef022796b8b12dbd088e3539a6aeec566194e86dea8dbb582

        SHA512

        c2131ed1d70165ae0d41f91e297b1a7ef0674af71057be4c9b4e6f8f2989f5a75c479bf24f90109d01eb5b578d859be7caed20a0b4b3187541ab533cc76711a5

        Download Submit

      • memory/1632-53-0x00007FFCD7873000-0x00007FFCD7875000-memory.dmp

        Filesize

        8KB

        Download

      • memory/1632-54-0x0000020F52DF0000-0x0000020F5348C000-memory.dmp

        Filesize

        6.6MB

        Download

      • memory/1632-57-0x0000020F6D9C0000-0x0000020F6DC12000-memory.dmp

        Filesize

        2.3MB

        Download

      • memory/1632-56-0x00007FFCD7870000-0x00007FFCD8331000-memory.dmp

        Filesize

        10.8MB

        Download

      • memory/1632-58-0x0000020F6DF10000-0x0000020F6DF1A000-memory.dmp

        Filesize

        40KB

        Download

      • memory/1632-59-0x00007FFCD7873000-0x00007FFCD7875000-memory.dmp

        Filesize

        8KB

        Download

      • memory/1632-60-0x00007FFCD7870000-0x00007FFCD8331000-memory.dmp

        Filesize

        10.8MB

        Download