asyncrat | 77cc0ec039c99a695a94081d8462ee42b5b526a1da92bf05c65f3ff8fd40ec0c | Triage

Submit
Reports

Overview

overview

Static

static

Geno_Quota...df.exe

windows7_x64

Geno_Quota...df.exe

windows7_x64

9

Geno_Quota...df.exe

windows10_x64

Geno_Quota...df.exe

windows10_x64

Resubmissions

13-09-2021 12:43

210913-pyel8sggbr 10

13-01-2021 07:42

210113-kz1sa51fyn 10

Sharing

General

Target

Geno_Quotation,pdf.exe
Size

929KB
Sample

210913-pyel8sggbr
MD5

fbf75396fc5ed9d7555effe393035109
SHA1

be62388c45754b3497e8eda1d501031fa2ca7cbf
SHA256

77cc0ec039c99a695a94081d8462ee42b5b526a1da92bf05c65f3ff8fd40ec0c
SHA512

7069b9080b288bb292fdd6fc513a3c9ac40593bc63b2631ff7214256999455369379e0e05deeabe6139bd65964db37cace8ecb1c23853496340f77e663fe5671

Score

10^/10

asyncrat billion persistence rat

Static task

static1

Behavioral task

behavioral1

Sample

Geno_Quotation,pdf.exe

Resource

win7-jp

asyncrat billion rat

windows7_x64

0 signatures

0 seconds

Behavioral task

behavioral2

Sample

Geno_Quotation,pdf.exe

Resource

win7v20210408

windows7_x64

0 signatures

0 seconds

Behavioral task

behavioral3

Sample

Geno_Quotation,pdf.exe

Resource

win10-jp

asyncrat billion persistence rat

windows10_x64

0 signatures

0 seconds

Behavioral task

behavioral4

Sample

Geno_Quotation,pdf.exe

Resource

win10-en

asyncrat billion rat

windows10_x64

0 signatures

0 seconds

Malware Config

Extracted

Family

asyncrat

Version

0.5.7B

Botnet

billion

C2

null:null

Mutex

AsyncMutex_6SI8OkPnk

Attributes

anti_vm
false
bsod
false
delay
3
install
false
install_file
billionaire.exe
install_folder
%AppData%
pastebin_config
https://pastebin.com/raw/Q5Dxj1fY

aes.plain

Targets

- Target
  
  Geno_Quotation,pdf.exe
- Size
  
  929KB
- MD5
  
  fbf75396fc5ed9d7555effe393035109
- SHA1
  
  be62388c45754b3497e8eda1d501031fa2ca7cbf
- SHA256
  
  77cc0ec039c99a695a94081d8462ee42b5b526a1da92bf05c65f3ff8fd40ec0c
- SHA512
  
  7069b9080b288bb292fdd6fc513a3c9ac40593bc63b2631ff7214256999455369379e0e05deeabe6139bd65964db37cace8ecb1c23853496340f77e663fe5671
Score

10^/10

asyncrat billion rat persistence
- AsyncRat
  AsyncRAT is designed to remotely monitor and control other computers.
  rat asyncrat
- Modifies system executable filetype association
  persistence
- Registers COM server for autorun
  persistence
- Suspicious use of NtCreateUserProcessOtherParentProcess
- .NET Reactor proctector
  Detects an executable protected by an unregistered version of Eziriz's .NET Reactor.
- Async RAT payload
  rat
- Executes dropped EXE
- Loads dropped DLL
- Adds Run key to start application
  persistence
- Legitimate hosting services abused for malware hosting/C2
- Suspicious use of SetThreadContext
behavioral1 behavioral2 behavioral3 behavioral4

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Scheduled Task

Persistence

Change Default File Association

Registry Run Keys / Startup Folder

Scheduled Task

Privilege Escalation

Scheduled Task

Defense Evasion

Modify Registry

Credential Access

Discovery

System Information Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Web Service

Impact

Tasks

static1

behavioral1

asyncratbillionrat

behavioral2

behavioral3

asyncratbillionpersistencerat

behavioral4

asyncratbillionrat

© 2018-2024

Terms | Privacy