asyncrat | 56dd6d0c5eacf5a7ec7233c4acb4cf97df95f66ed5d4d4880dca62f6b4b27a69 | Triage

Submit
Reports

Overview

overview

Static

static

8

sample.ppt

windows7_x64

sample.ppt

windows10_x64

Sharing

General

Target

sample.ppt
Size

224KB
Sample

210305-v3pe2f2w5s
MD5

f93b770274956fb4b09e4962a45c32da
SHA1

8e295f26e68ea595aaee521db9d29d39425ffbb1
SHA256

56dd6d0c5eacf5a7ec7233c4acb4cf97df95f66ed5d4d4880dca62f6b4b27a69
SHA512

98856b284df590ec1bf8e4edeab529315a3115a9f7d1a277328fa6ad4fcf25fa120b814a5714148df05386ff4d738523b3bec1617745631a766efab5cf95ced0

Score

10^/10

asyncrat macro macro_on_action persistence rat

Static task

static1

macro macro_on_action

Behavioral task

behavioral1

Sample

sample.ppt

Resource

win7v20201028

windows7_x64

0 signatures

0 seconds

Behavioral task

behavioral2

Sample

sample.ppt

Resource

win10v20201028

asyncrat persistence rat

windows10_x64

0 signatures

0 seconds

Malware Config

Extracted

Family

asyncrat

Version

0.5.7B

C2

micomico.ddns.net:4000

Mutex

AsyncMutex_6SI8OkPnk

Attributes

aes_key
xHd6d9DzQMkRsJZC7bi0eTRsEMK6w0Yc
anti_detection
false
autorun
false
bdos
false
delay
2021comecou@$gringoooooobrabao
host
micomico.ddns.net
hwid
3
install_file
install_folder
%AppData%
mutex
AsyncMutex_6SI8OkPnk
pastebin_config
null
port
4000
version
0.5.7B

aes.plain

Targets

- Target
  
  sample.ppt
- Size
  
  224KB
- MD5
  
  f93b770274956fb4b09e4962a45c32da
- SHA1
  
  8e295f26e68ea595aaee521db9d29d39425ffbb1
- SHA256
  
  56dd6d0c5eacf5a7ec7233c4acb4cf97df95f66ed5d4d4880dca62f6b4b27a69
- SHA512
  
  98856b284df590ec1bf8e4edeab529315a3115a9f7d1a277328fa6ad4fcf25fa120b814a5714148df05386ff4d738523b3bec1617745631a766efab5cf95ced0
Score

10^/10

persistence asyncrat rat
- AsyncRat
  AsyncRAT is designed to remotely monitor and control other computers.
  rat asyncrat
- Process spawned unexpected child process
  This typically indicates the parent process was compromised via an exploit or macro.
- Async RAT payload
  rat
- Blocklisted process makes network request
- Adds Run key to start application
  persistence
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Scheduled Task

Persistence

Registry Run Keys / Startup Folder

Scheduled Task

Privilege Escalation

Scheduled Task

Defense Evasion

Modify Registry

Install Root Certificate

Credential Access

Discovery

System Information Discovery

Query Registry

Remote System Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

macromacro_on_action

behavioral1

behavioral2

asyncratpersistencerat

© 2018-2024

Terms | Privacy