asyncrat | 820f2381fe1860a8b6f9e66032ac4bb79ac6b7b9269264c547e4c63151593df0 | Triage

Submit
Reports

Overview

overview

Static

static

820f2381fe...f0.exe

windows7_x64

820f2381fe...f0.exe

windows10_x64

Sharing

General

Target

820f2381fe1860a8b6f9e66032ac4bb79ac6b7b9269264c547e4c63151593df0
Size

732KB
Sample

210921-kh5q9sghf2
MD5

a1c0d1485d1f2ac0d660ea28502e79ae
SHA1

fcd8a01e7c022c086747a680bb8995f9279aaa8c
SHA256

820f2381fe1860a8b6f9e66032ac4bb79ac6b7b9269264c547e4c63151593df0
SHA512

d44e3ecaefe8012aeaf5b3b4adf0d4aa6e2b9cf4565960def0c665d6294f7b21fa006a8d99b4e847b2a2f8eb0e9981bc4ce2f2f377541e53d84295b94108ad1f

Score

10^/10

asyncrat darkcomet njrat hacked sazan persistence rat trojan

Static task

static1

rat sazan asyncrat darkcomet

Behavioral task

behavioral1

Sample

820f2381fe1860a8b6f9e66032ac4bb79ac6b7b9269264c547e4c63151593df0.exe

Resource

win7v20210408

asyncrat darkcomet njrat hacked sazan persistence rat trojan

windows7_x64

0 signatures

0 seconds

Behavioral task

behavioral2

Sample

820f2381fe1860a8b6f9e66032ac4bb79ac6b7b9269264c547e4c63151593df0.exe

Resource

win10-en-20210920

asyncrat darkcomet njrat hacked sazan persistence rat trojan

windows10_x64

0 signatures

0 seconds

Malware Config

Extracted

Family

darkcomet

Botnet

Sazan

C2

marbeyli.ddns.net:443

Mutex

DC_MUTEX-WF3HSVR

Attributes

InstallPath
MSDCSC\svchost.exe
gencode
CTg6jh11p8Xh
install
true
offline_keylogger
true
persistence
false
reg_key
MicroUpdate

Extracted

Family

njrat

Version

Njrat 0.7 Golden By Hassan Amiri

Botnet

HacKed

C2

marbeyli.ddns.net:5552

Mutex

Windows Update

Attributes

reg_key
Windows Update
splitter
|Hassan|

Targets

- Target
  
  820f2381fe1860a8b6f9e66032ac4bb79ac6b7b9269264c547e4c63151593df0
- Size
  
  732KB
- MD5
  
  a1c0d1485d1f2ac0d660ea28502e79ae
- SHA1
  
  fcd8a01e7c022c086747a680bb8995f9279aaa8c
- SHA256
  
  820f2381fe1860a8b6f9e66032ac4bb79ac6b7b9269264c547e4c63151593df0
- SHA512
  
  d44e3ecaefe8012aeaf5b3b4adf0d4aa6e2b9cf4565960def0c665d6294f7b21fa006a8d99b4e847b2a2f8eb0e9981bc4ce2f2f377541e53d84295b94108ad1f
Score

10^/10

asyncrat darkcomet njrat hacked sazan persistence rat trojan
- AsyncRat
  AsyncRAT is designed to remotely monitor and control other computers.
  rat asyncrat
- Darkcomet
  DarkComet is a remote access trojan (RAT) developed by Jean-Pierre Lesueur.
  trojan rat darkcomet
- Modifies WinLogon for persistence
  persistence
- njRAT/Bladabindi
  Widely used RAT written in .NET.
  trojan njrat
- Async RAT payload
  rat
- Executes dropped EXE
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Loads dropped DLL
- Adds Run key to start application
  persistence
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Scheduled Task

Persistence

Winlogon Helper DLL

Registry Run Keys / Startup Folder

Scheduled Task

Privilege Escalation

Scheduled Task

Defense Evasion

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

ratsazanasyncratdarkcomet

behavioral1

asyncratdarkcometnjrathackedsazanpersistencerattrojan

behavioral2

asyncratdarkcometnjrathackedsazanpersistencerattrojan

© 2018-2024

Terms | Privacy