asyncrat | f5044936f0ad796b879fd0a0dbfb4d5bf09208b49dfabd028a129982bdf397eb

Analysis

max time kernel
17s
max time network
18s
platform
windows10-2004_x64
resource
win10v2004-20250129-en
resource tags

arch:x64arch:x86image:win10v2004-20250129-enlocale:en-usos:windows10-2004-x64system
submitted
30/01/2025, 18:32

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

Client.exe
Size

47KB
MD5

57473532df9f36a28a448ee34f4f7fd3
SHA1

316e00632305a48730ca5cc79fa1b82262d53ddf
SHA256

f5044936f0ad796b879fd0a0dbfb4d5bf09208b49dfabd028a129982bdf397eb
SHA512

8ef6ad8bc599a1646b6b45cc3cfc7ce812986b8f1e1c030f01f0f58f52350650f3ac97df58234cce165f9b5035bbf0161ddf10389e4b093984a0cedfa2c0ced0
SSDEEP

768:8oGDMmILyCe++bittelDSN+iV08YbygeAgQovEgK/JjZVc6KN:8o0MWSttKDs4zb1XXonkJjZVclN

Score

10^/10

asyncrat rat

Malware Config

Extracted

Family

asyncrat

Version

1.0.7

Mutex

atqrqvplsfah

Attributes

delay
1
install
false
install_file
winws.exe
install_folder
%AppData%
pastebin_config
https://pastebin.com/raw/cn4rM5C9

aes.plain

Signatures

AsyncRat
AsyncRAT is designed to remotely monitor and control other computers written in C#.
rat asyncrat
Asyncrat family
asyncrat

Legitimate hosting services abused for malware hosting/C2 1 TTPs 5 IoCs

Web Service

T1102

flow	ioc
15	pastebin.com
16	pastebin.com
20	pastebin.com
21	pastebin.com
22	pastebin.com

Suspicious use of AdjustPrivilegeToken 1 IoCs

description	pid	Process
Token: SeDebugPrivilege	688	Client.exe

C:\Users\Admin\AppData\Local\Temp\Client.exe
"C:\Users\Admin\AppData\Local\Temp\Client.exe"
1⤵
- Suspicious use of AdjustPrivilegeToken
PID:688

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Web Service

T1102

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

memory/688-0-0x00007FFCEB1D3000-0x00007FFCEB1D5000-memory.dmp

Filesize
8KB

Download
memory/688-1-0x00000000006A0000-0x00000000006B2000-memory.dmp

Filesize
72KB

Download
memory/688-2-0x00007FFCEB1D0000-0x00007FFCEBC91000-memory.dmp

Filesize
10.8MB

Download
memory/688-3-0x00007FFCEB1D3000-0x00007FFCEB1D5000-memory.dmp

Filesize
8KB

Download
memory/688-4-0x00007FFCEB1D0000-0x00007FFCEBC91000-memory.dmp

Filesize
10.8MB

Download