asyncrat | 9c853e5a73997e25ef20fcf2207ce105c05272943973eae6921d317ca2e84186 | Triage

Submit
Reports

Overview

overview

Static

static

justifican...s.xlsx

windows7_x64

justifican...s.xlsx

windows10_x64

1

Sharing

General

Target

justificantes anticipos.xlsx
Size

228KB
Sample

211116-r1zfjaeca3
MD5

0f90a8b479829e0c19abc92b17a6a27f
SHA1

683a157e611f489df9355f97d0bb1adcde7dd7d1
SHA256

9c853e5a73997e25ef20fcf2207ce105c05272943973eae6921d317ca2e84186
SHA512

a6d8cfe021b003e58f7983574000e948b88bbb4897d93f2fc118f245aca2ad702a2b8af93caa31bf22f50f762377c6f8cbd47fcb6d1d8cfded21105145d54566

Score

10^/10

asyncrat default agilenet rat

Static task

static1

Behavioral task

behavioral1

Sample

justificantes anticipos.xlsx

Resource

win7-en-20211014

asyncrat default agilenet rat

windows7_x64

0 signatures

0 seconds

Behavioral task

behavioral2

Sample

justificantes anticipos.xlsx

Resource

win10-en-20211104

windows10_x64

0 signatures

0 seconds

Malware Config

Extracted

Family

asyncrat

Version

1.0.7

Botnet

Default

C2

202.55.133.118:5200

Mutex

DcRatMutex_qwqdanchun

Attributes

anti_vm
false
bsod
false
delay
1
install
false
install_folder
%AppData%
pastebin_config
null

aes.plain

Targets

- Target
  
  justificantes anticipos.xlsx
- Size
  
  228KB
- MD5
  
  0f90a8b479829e0c19abc92b17a6a27f
- SHA1
  
  683a157e611f489df9355f97d0bb1adcde7dd7d1
- SHA256
  
  9c853e5a73997e25ef20fcf2207ce105c05272943973eae6921d317ca2e84186
- SHA512
  
  a6d8cfe021b003e58f7983574000e948b88bbb4897d93f2fc118f245aca2ad702a2b8af93caa31bf22f50f762377c6f8cbd47fcb6d1d8cfded21105145d54566
Score

10^/10

asyncrat default agilenet rat
- AsyncRat
  AsyncRAT is designed to remotely monitor and control other computers.
  rat asyncrat
- Async RAT payload
  rat
- Blocklisted process makes network request
- Downloads MZ/PE file
- Executes dropped EXE
- Loads dropped DLL
- Obfuscated with Agile.Net obfuscator
  Detects use of the Agile.Net commercial obfuscator, which is capable of entity renaming and control flow obfuscation.
  agilenet
- Uses the VBS compiler for execution
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Scripting

Exploitation for Client Execution

Persistence

Privilege Escalation

Defense Evasion

Scripting

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

asyncratdefaultagilenetrat

behavioral2

© 2018-2024

Terms | Privacy