asyncrat | 71444376cd428f1934e94d2933197c4f0bfe03019b845a81fdeb922bcae95d7a | Triage

Submit
Reports

Overview

overview

Static

static

8

Invoice 09... 3.xls

windows7_x64

Invoice 09... 3.xls

windows10_x64

Sharing

General

Target

Invoice 098734543 3.xls
Size

66KB
Sample

201026-m5qxdhnzcj
MD5

a86efdb09b8ec5a298f512459ff8d64d
SHA1

17a9506e70c78f7de865af5be040384997bba4cb
SHA256

71444376cd428f1934e94d2933197c4f0bfe03019b845a81fdeb922bcae95d7a
SHA512

b984f9b55e46861b6233b13e1e88200db7bd43c6c09d95ccd6bda6a189c6cd00b6a30dc94b574d9db0a2cb139ef2f5284ac7a84a580072575341187f225851f0

Score

10^/10

asyncrat macro rat

Static task

static1

Behavioral task

behavioral1

Sample

Invoice 098734543 3.xls

Resource

win7

windows7_x64

0 signatures

0 seconds

Behavioral task

behavioral2

Sample

Invoice 098734543 3.xls

Resource

win10

windows10_x64

0 signatures

0 seconds

Malware Config

Extracted

Language

ps1

Deobfuscated

URLs

exe.dropper

https://tinyurl.com/y6ak9qcl

Extracted

Family

asyncrat

Version

0.5.7B

C2

185.165.153.249:4371

Mutex

AsyncMutex_6SI8OkPnk

Attributes

aes_key
4lpLfCzV6wCkayaT0MjD3qp2ZVBd759O
anti_detection
false
autorun
false
bdos
false
delay
Default
host
185.165.153.249
hwid
3
install_file
install_folder
%AppData%
mutex
AsyncMutex_6SI8OkPnk
pastebin_config
null
port
4371
version
0.5.7B

aes.plain

Targets

- Target
  
  Invoice 098734543 3.xls
- Size
  
  66KB
- MD5
  
  a86efdb09b8ec5a298f512459ff8d64d
- SHA1
  
  17a9506e70c78f7de865af5be040384997bba4cb
- SHA256
  
  71444376cd428f1934e94d2933197c4f0bfe03019b845a81fdeb922bcae95d7a
- SHA512
  
  b984f9b55e46861b6233b13e1e88200db7bd43c6c09d95ccd6bda6a189c6cd00b6a30dc94b574d9db0a2cb139ef2f5284ac7a84a580072575341187f225851f0
Score

10^/10

rat asyncrat
- AsyncRat
  AsyncRAT is designed to remotely monitor and control other computers.
  rat asyncrat
- Process spawned unexpected child process
  This typically indicates the parent process was compromised via an exploit or macro.
- ServiceHost packer
  Detects ServiceHost packer used for .NET malware
- Blacklisted process makes network request
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of NtSetInformationThreadHideFromDebugger
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

Install Root Certificate

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

behavioral2

© 2018-2024

Terms | Privacy