asyncrat | bccd9bf98be271d65f16e5c30c7a886157386717856857a1089f0abfc04aa5a1 | Triage

Submit
Reports

Overview

overview

Static

static

registrator.exe

windows7_x64

registrator.exe

windows10_x64

Sharing

General

Target

registrator.exe
Size

10.2MB
Sample

201225-z1zja7ep66
MD5

e90adc914ffed2f7601beb33403e3a1a
SHA1

54343f9d673ba8a041a9d90ef706ab37c43a2aa9
SHA256

bccd9bf98be271d65f16e5c30c7a886157386717856857a1089f0abfc04aa5a1
SHA512

d5b369ecacf603fbf143ec6262f237a19969ff0785de403369d8fb707641c09295dc1a40b47f2b399559b9f19dfc06ef4fba6b925abff85e64ba2f758201fc6b

Score

10^/10

asyncrat evasion rat

Static task

static1

Behavioral task

behavioral1

Sample

registrator.exe

Resource

win7v20201028

asyncrat evasion rat

windows7_x64

0 signatures

0 seconds

Behavioral task

behavioral2

Sample

registrator.exe

Resource

win10v20201028

asyncrat evasion rat

windows10_x64

0 signatures

0 seconds

Malware Config

Targets

- Target
  
  registrator.exe
- Size
  
  10.2MB
- MD5
  
  e90adc914ffed2f7601beb33403e3a1a
- SHA1
  
  54343f9d673ba8a041a9d90ef706ab37c43a2aa9
- SHA256
  
  bccd9bf98be271d65f16e5c30c7a886157386717856857a1089f0abfc04aa5a1
- SHA512
  
  d5b369ecacf603fbf143ec6262f237a19969ff0785de403369d8fb707641c09295dc1a40b47f2b399559b9f19dfc06ef4fba6b925abff85e64ba2f758201fc6b
Score

10^/10

asyncrat evasion rat
- AsyncRat
  AsyncRAT is designed to remotely monitor and control other computers.
  rat asyncrat
- Async RAT payload
  rat
- Identifies VirtualBox via ACPI registry values (likely anti-VM)
  evasion
- Looks for VirtualBox Guest Additions in registry
  evasion
- Looks for VMWare Tools registry key
  evasion
- Checks BIOS information in registry
  BIOS information is often read in order to detect sandboxing environments.
- Identifies Wine through registry keys
  Wine is a compatibility layer capable of running Windows applications, which can be used as sandboxing environment.
  evasion
- Loads dropped DLL
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Virtualization/Sandbox Evasion

Install Root Certificate

Modify Registry

Credential Access

Discovery

Query Registry

Virtualization/Sandbox Evasion

System Information Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

asyncratevasionrat

behavioral2

asyncratevasionrat

© 2018-2024

Terms | Privacy