asyncrat | 81e9b0a91e38aca2347fbd1812c95be2e04a31444629244e1f7a64b84fec45e2 | Triage

Submit
Reports

Overview

overview

Static

static

faktura 0975.doc

windows7_x64

faktura 0975.doc

windows10_x64

1

Sharing

General

Target

faktura 0975.doc
Size

3KB
Sample

210415-1w8ayhdjvn
MD5

62f9b4a0d977292a757f209c10d07c59
SHA1

2a10128913875339ce33a7790a8afc33299a651b
SHA256

81e9b0a91e38aca2347fbd1812c95be2e04a31444629244e1f7a64b84fec45e2
SHA512

e10369cc642b7af06d1c5ed8a32d3c52fb74dc5efac4b2d6bf6a63c8b4d144507d59c04e1df620b781780c55d3340ae16ba06f36a1a8cd1ac2c2c5f9e418decd

Score

10^/10

asyncrat rat

Static task

static1

Behavioral task

behavioral1

Sample

faktura 0975.doc

Resource

win7v20210408

windows7_x64

0 signatures

0 seconds

Behavioral task

behavioral2

Sample

faktura 0975.doc

Resource

win10v20210410

windows10_x64

0 signatures

0 seconds

Malware Config

Extracted

Family

asyncrat

Version

0.5.7B

C2

217.64.149.183:1975

Mutex

AsyncMutex_6SI8OkPnk982

Attributes

aes_key
HT9s6QmpqjJcWPeFvj9lPIjlcLXMQsOe
anti_detection
false
autorun
false
bdos
false
delay
Default
host
217.64.149.183
hwid
3
install_file
install_folder
%AppData%
mutex
AsyncMutex_6SI8OkPnk982
pastebin_config
null
port
1975
version
0.5.7B

aes.plain

Targets

- Target
  
  faktura 0975.doc
- Size
  
  3KB
- MD5
  
  62f9b4a0d977292a757f209c10d07c59
- SHA1
  
  2a10128913875339ce33a7790a8afc33299a651b
- SHA256
  
  81e9b0a91e38aca2347fbd1812c95be2e04a31444629244e1f7a64b84fec45e2
- SHA512
  
  e10369cc642b7af06d1c5ed8a32d3c52fb74dc5efac4b2d6bf6a63c8b4d144507d59c04e1df620b781780c55d3340ae16ba06f36a1a8cd1ac2c2c5f9e418decd
Score

10^/10

asyncrat rat
- AsyncRat
  AsyncRAT is designed to remotely monitor and control other computers.
  rat asyncrat
- Async RAT payload
  rat
- Blocklisted process makes network request
- Executes dropped EXE
- Loads dropped DLL
- Drops file in System32 directory
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Exploitation for Client Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

System Information Discovery

Query Registry

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

behavioral2

© 2018-2024

Terms | Privacy