asyncrat | b96849a992512df5e9cf349bdbaea4ec4a297a9d334aca6ae32d921ccb844e1f | Triage

Submit
Reports

Overview

overview

Static

static

SOPORTE DE...IA.exe

windows7_x64

SOPORTE DE...IA.exe

windows10_x64

Sharing

General

Target

SOPORTE DE TRANSFERENCIA BANCO AGRARIO DE COLOMBIA.exe
Size

1.0MB
Sample

210114-rqj4ppvt76
MD5

4125dc4cedd5145802059e6f56491c67
SHA1

8eb676931c46ececa90e400d23369a6c5f3294f1
SHA256

b96849a992512df5e9cf349bdbaea4ec4a297a9d334aca6ae32d921ccb844e1f
SHA512

cc20208af6817c0c64bbf37ad0f2057857c00a81b2fe0bccbc0c37c02db78caedd0332b15f83cc14bafbb46af893b4a8fbf5bade4e553a1382ec42080f763b32

Score

10^/10

asyncrat evasion persistence rat trojan

Static task

static1

Behavioral task

behavioral1

Sample

SOPORTE DE TRANSFERENCIA BANCO AGRARIO DE COLOMBIA.exe

Resource

win7v20201028

asyncrat evasion persistence rat trojan

windows7_x64

0 signatures

0 seconds

Behavioral task

behavioral2

Sample

SOPORTE DE TRANSFERENCIA BANCO AGRARIO DE COLOMBIA.exe

Resource

win10v20201028

asyncrat evasion persistence rat trojan

windows10_x64

0 signatures

0 seconds

Malware Config

Extracted

Family

asyncrat

Version

0.5.7B

C2

jesuslopez19011.duckdns.org:1881

Mutex

AsyncMutex_6SI8OkPnk

Attributes

aes_key
a9t0tuVlARBorSOG6HaEdksAb0k95PZR
anti_detection
false
autorun
false
bdos
false
delay
Default
host
jesuslopez19011.duckdns.org
hwid
3
install_file
install_folder
%AppData%
mutex
AsyncMutex_6SI8OkPnk
pastebin_config
null
port
1881
version
0.5.7B

aes.plain

Targets

- Target
  
  SOPORTE DE TRANSFERENCIA BANCO AGRARIO DE COLOMBIA.exe
- Size
  
  1.0MB
- MD5
  
  4125dc4cedd5145802059e6f56491c67
- SHA1
  
  8eb676931c46ececa90e400d23369a6c5f3294f1
- SHA256
  
  b96849a992512df5e9cf349bdbaea4ec4a297a9d334aca6ae32d921ccb844e1f
- SHA512
  
  cc20208af6817c0c64bbf37ad0f2057857c00a81b2fe0bccbc0c37c02db78caedd0332b15f83cc14bafbb46af893b4a8fbf5bade4e553a1382ec42080f763b32
Score

10^/10

asyncrat evasion persistence rat trojan
- AsyncRat
  AsyncRAT is designed to remotely monitor and control other computers.
  rat asyncrat
- Modifies WinLogon for persistence
  persistence
- Modifies Windows Defender Real-time Protection settings
  evasion trojan
- Turns off Windows Defender SpyNet reporting
  evasion
- Windows security bypass
  evasion trojan
- Async RAT payload
  rat
- Drops startup file
- Windows security modification
  evasion trojan
- Adds Run key to start application
  persistence
- Legitimate hosting services abused for malware hosting/C2
- Suspicious use of NtSetInformationThreadHideFromDebugger
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Winlogon Helper DLL

Modify Existing Service

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Modify Registry

Disabling Security Tools

Credential Access

Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Web Service

Impact

Tasks

static1

behavioral1

asyncratevasionpersistencerattrojan

behavioral2

asyncratevasionpersistencerattrojan

© 2018-2024

Terms | Privacy