asyncrat | 2f8a1772bb051c6b730649fcbe00a51b20b0e4d6f71bd28e06d5d2cffd3e1621 | Triage

Submit
Reports

Overview

overview

Static

static

c756c74315...3f.exe

windows7_x64

c756c74315...3f.exe

windows10_x64

Sharing

General

Target

c756c7431558b4848bbd865af6aba43f
Size

3.8MB
Sample

201026-kvwvjgy7le
MD5

c756c7431558b4848bbd865af6aba43f
SHA1

e34592243c9a070c91bc4735ca9d9cc67066a40f
SHA256

2f8a1772bb051c6b730649fcbe00a51b20b0e4d6f71bd28e06d5d2cffd3e1621
SHA512

37ae8613a774708148c9fb5e59466f0fc361807dfde7c5ef9a892d4adc7e6648b6c8425bcfa40df98fea8d9846ddbf452504c14e12e320bf08af540b1a28e897

Score

10^/10

asyncrat darkcomet 2020okt999+2020okt999+++4 evasion persistence rat trojan

Static task

static1

Behavioral task

behavioral1

Sample

c756c7431558b4848bbd865af6aba43f.exe

Resource

win7

asyncrat darkcomet 2020okt999+2020okt999+++4 evasion persistence rat trojan

windows7_x64

0 signatures

0 seconds

Behavioral task

behavioral2

Sample

c756c7431558b4848bbd865af6aba43f.exe

Resource

win10

windows10_x64

0 signatures

0 seconds

Malware Config

Extracted

Family

darkcomet

Botnet

2020okt999+

C2

sandyclark255.hopto.org:1605

Mutex

DC_MUTEX-11WPGQ5

Attributes

InstallPath
winzipl.exe
gencode
YGhUoUZB2403
install
true
offline_keylogger
true
password
hhhhhh
persistence
true
reg_key
wzip

Extracted

Family

darkcomet

Botnet

2020okt999+++4

C2

sandyclark255.hopto.org:1605

Mutex

DC_MUTEX-D50H81E

Attributes

InstallPath
word64l.exe
gencode
0zgSCfjSH24W
install
true
offline_keylogger
true
password
hhhhhh
persistence
true
reg_key
winworde

Extracted

Family

asyncrat

Version

0.5.6A

C2

sandyclark255.hopto.org:6606

sandyclark255.hopto.org:8808

sandyclark255.hopto.org:7707

Mutex

adeweqwsds33

Attributes

aes_key
VhvRfPRGj3DXYrQBZXEtiFBwxpOo0frl
anti_detection
false
autorun
true
bdos
false
delay
host
sandyclark255.hopto.org
hwid
install_file
install_folder
%Temp%
mutex
adeweqwsds33
pastebin_config
null
port
6606,8808,7707
version
0.5.6A

aes.plain

Targets

- Target
  
  c756c7431558b4848bbd865af6aba43f
- Size
  
  3.8MB
- MD5
  
  c756c7431558b4848bbd865af6aba43f
- SHA1
  
  e34592243c9a070c91bc4735ca9d9cc67066a40f
- SHA256
  
  2f8a1772bb051c6b730649fcbe00a51b20b0e4d6f71bd28e06d5d2cffd3e1621
- SHA512
  
  37ae8613a774708148c9fb5e59466f0fc361807dfde7c5ef9a892d4adc7e6648b6c8425bcfa40df98fea8d9846ddbf452504c14e12e320bf08af540b1a28e897
Score

10^/10

asyncrat darkcomet 2020okt999+2020okt999+++4 evasion persistence rat trojan
- AsyncRat
  AsyncRAT is designed to remotely monitor and control other computers.
  rat asyncrat
- Darkcomet
  DarkComet is a remote access trojan (RAT) developed by Jean-Pierre Lesueur.
  trojan rat darkcomet
- Modifies WinLogon for persistence
  persistence
- Async RAT payload
  rat
- Disables RegEdit via registry modification
  evasion
- Disables Task Manager via registry modification
  evasion
- Drops file in Drivers directory
- Executes dropped EXE
- Modifies Windows Firewall
  evasion
- Drops startup file
- Loads dropped DLL
- Adds Run key to start application
  persistence
- Drops desktop.ini file(s)
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Scheduled Task

Persistence

Winlogon Helper DLL

Modify Existing Service

Registry Run Keys / Startup Folder

Scheduled Task

Privilege Escalation

Scheduled Task

Defense Evasion

Modify Registry

Credential Access

Discovery

System Information Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

asyncratdarkcomet2020okt999+2020okt999+++4evasionpersistencerattrojan

behavioral2

© 2018-2024

Terms | Privacy