asyncrat | 2edc93f84e6911e5b86040964715868c82eb28c2b48cdbb2c72dee60cfe2f792 | Triage

Submit
Reports

Overview

overview

Static

static

1

8D74E2EF18...74.exe

windows7_x64

8D74E2EF18...74.exe

windows10_x64

Sharing

General

Target

8D74E2EF18E68405319A1090D20A0674.exe
Size

264KB
Sample

210506-3a7bq4k7b6
MD5

8d74e2ef18e68405319a1090d20a0674
SHA1

363c4e86dbf7f6ab65dcc79cedb07aa52ea12ed9
SHA256

2edc93f84e6911e5b86040964715868c82eb28c2b48cdbb2c72dee60cfe2f792
SHA512

6ab882ae5e24837037f3d18260f0b39f9f4b6110ebd2af86e14edebb6df201f389cc390e5af6213f5e93f1a238c55ace91910cf709dc82cfe709b6f49f958fd3

Score

10^/10

asyncrat persistence rat

Static task

static1

Behavioral task

behavioral1

Sample

8D74E2EF18E68405319A1090D20A0674.exe

Resource

win7v20210408

asyncrat persistence rat

windows7_x64

0 signatures

0 seconds

Behavioral task

behavioral2

Sample

8D74E2EF18E68405319A1090D20A0674.exe

Resource

win10v20210410

asyncrat persistence rat

windows10_x64

0 signatures

0 seconds

Malware Config

Extracted

Family

asyncrat

Version

0.5.7B

C2

fact.azad.live:5380

societyf500.ddns.net:5380

Mutex

AsyncMutex_6SI8OkPnk

Attributes

aes_key
g5ATBHeFjqZicBQcW6MmoyX0Xhwz0tjW
anti_detection
false
autorun
true
bdos
false
delay
Default
host
fact.azad.live,societyf500.ddns.net
hwid
3
install_file
install_folder
%AppData%
mutex
AsyncMutex_6SI8OkPnk
pastebin_config
null
port
5380
version
0.5.7B

aes.plain

Targets

- Target
  
  8D74E2EF18E68405319A1090D20A0674.exe
- Size
  
  264KB
- MD5
  
  8d74e2ef18e68405319a1090d20a0674
- SHA1
  
  363c4e86dbf7f6ab65dcc79cedb07aa52ea12ed9
- SHA256
  
  2edc93f84e6911e5b86040964715868c82eb28c2b48cdbb2c72dee60cfe2f792
- SHA512
  
  6ab882ae5e24837037f3d18260f0b39f9f4b6110ebd2af86e14edebb6df201f389cc390e5af6213f5e93f1a238c55ace91910cf709dc82cfe709b6f49f958fd3
Score

10^/10

asyncrat persistence rat
- AsyncRat
  AsyncRAT is designed to remotely monitor and control other computers.
  rat asyncrat
- Async RAT payload
  rat
- Executes dropped EXE
- Loads dropped DLL
- Adds Run key to start application
  persistence
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Scheduled Task

Persistence

Registry Run Keys / Startup Folder

Scheduled Task

Privilege Escalation

Scheduled Task

Defense Evasion

Modify Registry

Credential Access

Discovery

System Information Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

asyncratpersistencerat

behavioral2

asyncratpersistencerat

© 2018-2024

Terms | Privacy