asyncrat | d5d261f32c317717df4289fc4d6c5d2155b3c4d545fbd7e55cd24152f35042da

Analysis

max time kernel
104s
max time network
126s
platform
windows10-2004_x64
resource
win10v2004-20250410-en
resource tags

arch:x64arch:x86image:win10v2004-20250410-enlocale:en-usos:windows10-2004-x64system
submitted
12/04/2025, 21:53

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

shellcode_loader.exe
Size

1.7MB
MD5

d4fe738d7991a00669410578b9eb7ca9
SHA1

d4d1f3eb846d735b0679144d355c3daf2e8467e1
SHA256

d5d261f32c317717df4289fc4d6c5d2155b3c4d545fbd7e55cd24152f35042da
SHA512

b97888483aafa8f640caabb500ae445cf891deedb6f60b2c52c8905eb2cdd6f715c33ac2444fba3460f7444453777724d25c581b071a9e702e85b28e22ddd838
SSDEEP

49152:HKayovwasyyNGbfFd+vCRVNDzAv7G/VlCm4IU6i:aYmAvH+

Score

10^/10

asyncrat venomrat default rat

Malware Config

Extracted

Family

asyncrat

Version

L838 RAT v1.0.0

Botnet

Default

Mutex

sfsafqagbiv

Attributes

delay
1
install
true
install_file
Runtime Broker.exe
install_folder
%AppData%
pastebin_config
https://pastebin.com/raw/rVJQPNVe

aes.plain

Signatures

AsyncRat
AsyncRAT is designed to remotely monitor and control other computers written in C#.
rat asyncrat
Asyncrat family
asyncrat

VenomRAT 1 IoCs

Detects VenomRAT.

rat

resource	yara_rule
behavioral1/memory/1332-1-0x000001ADE52E0000-0x000001ADE52F3000-memory.dmp	VenomRAT

Venomrat family
venomrat

Async RAT payload 1 IoCs

rat

resource	yara_rule
behavioral1/memory/1332-1-0x000001ADE52E0000-0x000001ADE52F3000-memory.dmp	family_asyncrat

Legitimate hosting services abused for malware hosting/C2 1 TTPs 2 IoCs

Web Service

T1102

flow	ioc
1	pastebin.com
4	pastebin.com

Suspicious use of WriteProcessMemory 2 IoCs

description	pid	Process	procid_target
PID 1332 wrote to memory of 5028	1332	shellcode_loader.exe	86
PID 1332 wrote to memory of 5028	1332	shellcode_loader.exe	86

C:\Users\Admin\AppData\Local\Temp\shellcode_loader.exe
"C:\Users\Admin\AppData\Local\Temp\shellcode_loader.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:1332
- C:\Windows\system32\cmd.exe
  "cmd" /c cls
  2⤵
  PID:5028

Network

MITRE ATT&CK Enterprise v16

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Web Service

T1102

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

memory/1332-1-0x000001ADE52E0000-0x000001ADE52F3000-memory.dmp

Filesize
76KB

Download