asyncrat | 6802b8b194e5599c2a3befc366103a354231d9b3777b021e285d09d59475f96d | Triage

Submit
Reports

Overview

overview

Static

static

SKM_C25820...57.scr

windows7_x64

SKM_C25820...57.scr

windows10_x64

Sharing

General

Target

SKM_C258201001130020005057.scr
Size

659KB
Sample

201230-7dylv87dx2
MD5

580aa11c0d139a04ac8d2aa22df1647e
SHA1

5669fcc6fe96260bb31d62b740e1a2856ca180a8
SHA256

6802b8b194e5599c2a3befc366103a354231d9b3777b021e285d09d59475f96d
SHA512

c04c7a61bf07812d557bdede0acd7f4a6c9a2c580065156f50d5d897adbfd5b0f174e621f3c785122a94f6b5cd56c054aedfbc47bf426ca3ae7c67e34378cdfd

Score

10^/10

asyncrat persistence rat

Static task

static1

Behavioral task

behavioral1

Sample

SKM_C258201001130020005057.scr

Resource

win7v20201028

asyncrat persistence rat

windows7_x64

0 signatures

0 seconds

Behavioral task

behavioral2

Sample

SKM_C258201001130020005057.scr

Resource

win10v20201028

asyncrat persistence rat

windows10_x64

0 signatures

0 seconds

Malware Config

Extracted

Family

asyncrat

Version

0.5.7B

C2

severdops.ddns.net:6204

Mutex

AsyncMutex_6SI8OkPnk

Attributes

aes_key
FDJsIxZ6Ibj7ivHabCCCBblKX02EYCOK
anti_detection
false
autorun
false
bdos
false
delay
Default
host
severdops.ddns.net
hwid
3
install_file
install_folder
%AppData%
mutex
AsyncMutex_6SI8OkPnk
pastebin_config
null
port
6204
version
0.5.7B

aes.plain

Targets

- Target
  
  SKM_C258201001130020005057.scr
- Size
  
  659KB
- MD5
  
  580aa11c0d139a04ac8d2aa22df1647e
- SHA1
  
  5669fcc6fe96260bb31d62b740e1a2856ca180a8
- SHA256
  
  6802b8b194e5599c2a3befc366103a354231d9b3777b021e285d09d59475f96d
- SHA512
  
  c04c7a61bf07812d557bdede0acd7f4a6c9a2c580065156f50d5d897adbfd5b0f174e621f3c785122a94f6b5cd56c054aedfbc47bf426ca3ae7c67e34378cdfd
Score

10^/10

asyncrat persistence rat
- AsyncRat
  AsyncRAT is designed to remotely monitor and control other computers.
  rat asyncrat
- Modifies WinLogon for persistence
  persistence
- Async RAT payload
  rat
- Drops startup file
- Adds Run key to start application
  persistence
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Winlogon Helper DLL

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

asyncratpersistencerat

behavioral2

asyncratpersistencerat

© 2018-2024

Terms | Privacy