asyncrat | 06e223bb2af0e00e3c5c7d2a0574e0cf69716f82432665221d49f62a8613b5ed | Triage

Submit
Reports

Overview

overview

Static

static

8

ORDER 002110109A.xlsm

windows7_x64

ORDER 002110109A.xlsm

windows10_x64

Sharing

General

Target

ORDER 002110109A.xlsm
Size

388KB
Sample

211010-nyfc4afge3
MD5

fddb915231bd05bdb40250bd9ca9327a
SHA1

95e69dffccc8c93611de153fd9993faefc4b0f5f
SHA256

06e223bb2af0e00e3c5c7d2a0574e0cf69716f82432665221d49f62a8613b5ed
SHA512

da06766a2de1c0008ee9ed1d575bf8500a09ba511d056beb2c84e44ce7457d7e319c156695176de87247ca7faac68ea65af6216d47075f67341e6c2b61b13b43

Score

10^/10

asyncrat macro persistence rat

Static task

static1

Behavioral task

behavioral1

Sample

ORDER 002110109A.xlsm

Resource

win7-en-20210920

windows7_x64

0 signatures

0 seconds

Behavioral task

behavioral2

Sample

ORDER 002110109A.xlsm

Resource

win10v20210408

asyncrat persistence rat

windows10_x64

0 signatures

0 seconds

Malware Config

Extracted

Language

ps1

Deobfuscated

URLs

exe.dropper

http://transfer.sh/get/ii6Fqb/word.exe

Targets

- Target
  
  ORDER 002110109A.xlsm
- Size
  
  388KB
- MD5
  
  fddb915231bd05bdb40250bd9ca9327a
- SHA1
  
  95e69dffccc8c93611de153fd9993faefc4b0f5f
- SHA256
  
  06e223bb2af0e00e3c5c7d2a0574e0cf69716f82432665221d49f62a8613b5ed
- SHA512
  
  da06766a2de1c0008ee9ed1d575bf8500a09ba511d056beb2c84e44ce7457d7e319c156695176de87247ca7faac68ea65af6216d47075f67341e6c2b61b13b43
Score

10^/10

persistence asyncrat rat
- AsyncRat
  AsyncRAT is designed to remotely monitor and control other computers.
  rat asyncrat
- Process spawned unexpected child process
  This typically indicates the parent process was compromised via an exploit or macro.
- Async RAT payload
  rat
- Blocklisted process makes network request
- Downloads MZ/PE file
- Executes dropped EXE
- Deletes itself
- Loads dropped DLL
- Adds Run key to start application
  persistence
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

behavioral2

asyncratpersistencerat

© 2018-2024

Terms | Privacy