asyncrat | c2b9108a7aedcb313f9df0d16cf1c52e9de3cae6afab5829f8c533924850efb7 | Triage

Submit
Reports

Overview

overview

Static

static

PO_21031566AF_pdf.jar

windows7_x64

PO_21031566AF_pdf.jar

windows10_x64

Sharing

General

Target

PO_21031566AF_pdf.jar
Size

477KB
Sample

210315-92fk49jdme
MD5

0d5327616ab7b563c34ef9a5ab1892d6
SHA1

403df150f0a5ae27c837a6a70ed993a6633889b0
SHA256

c2b9108a7aedcb313f9df0d16cf1c52e9de3cae6afab5829f8c533924850efb7
SHA512

6790cbdc75999ae65ae1353fa529459d5240945ef86dadfe5aa6c55cd8e13c33bcdf1fb35fa627267ae0797c1caa2f86106b0f9336b25572fafac7e3f6891f6e

Score

10^/10

asyncrat ratty evasion persistence rat trojan

Static task

static1

Behavioral task

behavioral1

Sample

PO_21031566AF_pdf.jar

Resource

win7v20201028

asyncrat ratty evasion persistence rat trojan

windows7_x64

0 signatures

0 seconds

Behavioral task

behavioral2

Sample

PO_21031566AF_pdf.jar

Resource

win10v20201028

asyncrat ratty evasion persistence rat trojan

windows10_x64

0 signatures

0 seconds

Malware Config

Extracted

Family

asyncrat

Version

0.5.7B

C2

chongmei33.publicvm.com:2703

chongmei33.publicvm.com:49703

chongmei33.publicvm.com:49746

185.165.153.116:2703

185.165.153.116:49703

185.165.153.116:49746

54.37.36.116:2703

54.37.36.116:49703

54.37.36.116:49746

185.244.30.92:2703

185.244.30.92:49703

185.244.30.92:49746

dongreg202020.duckdns.org:2703

dongreg202020.duckdns.org:49703

dongreg202020.duckdns.org:49746

178.33.222.241:2703

178.33.222.241:49703

178.33.222.241:49746

rahim321.duckdns.org:2703

rahim321.duckdns.org:49703

rahim321.duckdns.org:49746

79.134.225.92:2703

79.134.225.92:49703

79.134.225.92:49746

37.120.208.36:2703

37.120.208.36:49703

37.120.208.36:49746

178.33.222.243:2703

178.33.222.243:49703

178.33.222.243:49746

87.98.245.48:2703

87.98.245.48:49703

87.98.245.48:49746

Mutex

AsyncMutex_6SI8OkPnk

Attributes

aes_key
hGScKRB0VrlS4WpFo0N7AmnZQApV4qsi
anti_detection
false
autorun
false
bdos
false
delay
FEB
host
chongmei33.publicvm.com,185.165.153.116,54.37.36.116,185.244.30.92,dongreg202020.duckdns.org,178.33.222.241,rahim321.duckdns.org,79.134.225.92,37.120.208.36,178.33.222.243,87.98.245.48
hwid
3
install_file
install_folder
%AppData%
mutex
AsyncMutex_6SI8OkPnk
pastebin_config
null
port
2703,49703,49746
version
0.5.7B

aes.plain

Targets

- Target
  
  PO_21031566AF_pdf.jar
- Size
  
  477KB
- MD5
  
  0d5327616ab7b563c34ef9a5ab1892d6
- SHA1
  
  403df150f0a5ae27c837a6a70ed993a6633889b0
- SHA256
  
  c2b9108a7aedcb313f9df0d16cf1c52e9de3cae6afab5829f8c533924850efb7
- SHA512
  
  6790cbdc75999ae65ae1353fa529459d5240945ef86dadfe5aa6c55cd8e13c33bcdf1fb35fa627267ae0797c1caa2f86106b0f9336b25572fafac7e3f6891f6e
Score

10^/10

asyncrat ratty evasion persistence rat trojan
- AsyncRat
  AsyncRAT is designed to remotely monitor and control other computers.
  rat asyncrat
- Modifies Windows Defender Real-time Protection settings
  evasion trojan
- Ratty
  Ratty is an open source Java Remote Access Tool.
  trojan rat ratty
- Ratty Rat Payload
- Turns off Windows Defender SpyNet reporting
  evasion
- UAC bypass
  evasion trojan
- Windows security bypass
  evasion trojan
- Async RAT payload
  rat
- Detect jar appended to MSI
- Nirsoft
- Executes dropped EXE
- Drops startup file
- Loads dropped DLL
- Windows security modification
  evasion trojan
- Adds Run key to start application
  persistence
- Checks whether UAC is enabled
  evasion trojan
- Suspicious use of NtSetInformationThreadHideFromDebugger
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Hidden Files and Directories

Modify Existing Service

Registry Run Keys / Startup Folder

Privilege Escalation

Bypass User Account Control

Defense Evasion

Bypass User Account Control

Disabling Security Tools

Hidden Files and Directories

Modify Registry

Credential Access

Discovery

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

asyncratrattyevasionpersistencerattrojan

behavioral2

asyncratrattyevasionpersistencerattrojan

© 2018-2024

Terms | Privacy