asyncrat | 11dba92af0462cb18ac9c9ed81f104530819287f32be261915b706f83f6e04ad | Triage

Submit
Reports

Overview

overview

Static

static

9731acc2ac...98.exe

windows7_x64

9731acc2ac...98.exe

windows10_x64

Sharing

General

Target

9731acc2acbf8329ae69f9d7d50e1998.exe
Size

484KB
Sample

211206-nevcxaggb6
MD5

9731acc2acbf8329ae69f9d7d50e1998
SHA1

9d99415d1675f423ebd82551ba1aee7acdccab58
SHA256

11dba92af0462cb18ac9c9ed81f104530819287f32be261915b706f83f6e04ad
SHA512

03bb2f6731916fb4d3e75edb4b6ec34479b5f76b32028900105e63a58a8be6e9c5a5952e79f73f2c05687c31baa25b5e09ff86614986b6da9f31f47546cc86ae

Score

10^/10

asyncrat bitrat 3 persistence rat trojan

Static task

static1

Behavioral task

behavioral1

Sample

9731acc2acbf8329ae69f9d7d50e1998.exe

Resource

win7-en-20211104

asyncrat bitrat 3 persistence rat trojan

windows7_x64

0 signatures

0 seconds

Behavioral task

behavioral2

Sample

9731acc2acbf8329ae69f9d7d50e1998.exe

Resource

win10-en-20211104

asyncrat persistence rat

windows10_x64

0 signatures

0 seconds

Malware Config

Extracted

Family

asyncrat

Version

0.5.7B

Botnet

3

C2

217.64.149.93:1973

Mutex

df4Rtg34dFt5ynrew

Attributes

anti_vm
false
bsod
false
delay
3
install
false
install_folder
%AppData%
pastebin_config
null

aes.plain

Targets

- Target
  
  9731acc2acbf8329ae69f9d7d50e1998.exe
- Size
  
  484KB
- MD5
  
  9731acc2acbf8329ae69f9d7d50e1998
- SHA1
  
  9d99415d1675f423ebd82551ba1aee7acdccab58
- SHA256
  
  11dba92af0462cb18ac9c9ed81f104530819287f32be261915b706f83f6e04ad
- SHA512
  
  03bb2f6731916fb4d3e75edb4b6ec34479b5f76b32028900105e63a58a8be6e9c5a5952e79f73f2c05687c31baa25b5e09ff86614986b6da9f31f47546cc86ae
Score

10^/10

asyncrat bitrat 3 persistence rat trojan
- AsyncRat
  AsyncRAT is designed to remotely monitor and control other computers.
  rat asyncrat
- BitRAT
  BitRAT is a remote access tool written in C++ and uses leaked source code from other families.
  trojan bitrat
- BitRAT Payload
- Async RAT payload
  rat
- Executes dropped EXE
- Loads dropped DLL
- Adds Run key to start application
  persistence
- Suspicious use of NtSetInformationThreadHideFromDebugger
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

System Information Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

asyncratbitrat3persistencerattrojan

behavioral2

asyncratpersistencerat

© 2018-2024

Terms | Privacy