asyncrat | f5044936f0ad796b879fd0a0dbfb4d5bf09208b49dfabd028a129982bdf397eb

Analysis

max time kernel
150s
max time network
146s
platform
windows10-ltsc 2021_x64
resource
win10ltsc2021-20250128-en
resource tags

arch:x64arch:x86image:win10ltsc2021-20250128-enlocale:en-usos:windows10-ltsc 2021-x64system
submitted
30/01/2025, 18:32

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

Client.exe
Size

47KB
MD5

57473532df9f36a28a448ee34f4f7fd3
SHA1

316e00632305a48730ca5cc79fa1b82262d53ddf
SHA256

f5044936f0ad796b879fd0a0dbfb4d5bf09208b49dfabd028a129982bdf397eb
SHA512

8ef6ad8bc599a1646b6b45cc3cfc7ce812986b8f1e1c030f01f0f58f52350650f3ac97df58234cce165f9b5035bbf0161ddf10389e4b093984a0cedfa2c0ced0
SSDEEP

768:8oGDMmILyCe++bittelDSN+iV08YbygeAgQovEgK/JjZVc6KN:8o0MWSttKDs4zb1XXonkJjZVclN

Score

10^/10

asyncrat rat

Malware Config

Extracted

Family

asyncrat

Version

1.0.7

Mutex

atqrqvplsfah

Attributes

delay
1
install
false
install_file
winws.exe
install_folder
%AppData%
pastebin_config
https://pastebin.com/raw/cn4rM5C9

aes.plain

Signatures

AsyncRat
AsyncRAT is designed to remotely monitor and control other computers written in C#.
rat asyncrat
Asyncrat family
asyncrat

Legitimate hosting services abused for malware hosting/C2 1 TTPs 21 IoCs

Web Service

T1102

flow	ioc
45	pastebin.com
1	pastebin.com
7	pastebin.com
37	pastebin.com
39	pastebin.com
23	pastebin.com
26	pastebin.com
28	pastebin.com
31	pastebin.com
2	pastebin.com
4	pastebin.com
5	pastebin.com
6	pastebin.com
38	pastebin.com
8	pastebin.com
42	pastebin.com
46	pastebin.com
24	pastebin.com
25	pastebin.com
30	pastebin.com
44	pastebin.com

Suspicious use of AdjustPrivilegeToken 1 IoCs

description	pid	Process
Token: SeDebugPrivilege	4024	Client.exe

C:\Users\Admin\AppData\Local\Temp\Client.exe
"C:\Users\Admin\AppData\Local\Temp\Client.exe"
1⤵
- Suspicious use of AdjustPrivilegeToken
PID:4024

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Web Service

T1102

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

memory/4024-0-0x00007FF9449A3000-0x00007FF9449A5000-memory.dmp

Filesize
8KB

Download
memory/4024-1-0x0000000000B50000-0x0000000000B62000-memory.dmp

Filesize
72KB

Download
memory/4024-2-0x00007FF9449A0000-0x00007FF945462000-memory.dmp

Filesize
10.8MB

Download
memory/4024-3-0x00007FF9449A3000-0x00007FF9449A5000-memory.dmp

Filesize
8KB

Download
memory/4024-4-0x00007FF9449A0000-0x00007FF945462000-memory.dmp

Filesize
10.8MB

Download