asyncrat | 83d2b26d5261101ef765312c5eec9621f428f000f73ff27ff3f807c1a863d462 | Triage

Submit
Reports

Overview

overview

Static

static

SKM_20012022.exe

windows7_x64

SKM_20012022.exe

windows10-2004_x64

7

Sharing

General

Target

SKM_20012022.iso
Size

84KB
Sample

220120-rpks1aacd8
MD5

99656e4fee1b27122a02a670da4d62c8
SHA1

a3edcde3caa652698ed0818152d7653ebd90b173
SHA256

83d2b26d5261101ef765312c5eec9621f428f000f73ff27ff3f807c1a863d462
SHA512

ed220e76b0da13054cd99032de3d1ed0a347a2941fb1724d6de4e74f031cc8a63ab575793ebc62560d0f2043535be7f56890a97204b25fccc471c8e34f53b335

Score

10^/10

asyncrat raccoon 883444d23e24db829d7820cd9f825e2843a64421 persistence rat stealer

Static task

static1

Behavioral task

behavioral1

Sample

SKM_20012022.exe

Resource

win7-en-20211208

asyncrat raccoon 883444d23e24db829d7820cd9f825e2843a64421 persistence rat stealer

windows7_x64

0 signatures

0 seconds

Behavioral task

behavioral2

Sample

SKM_20012022.exe

Resource

win10v2004-en-20220113

windows10-2004_x64

0 signatures

0 seconds

Malware Config

Extracted

Family

raccoon

Version

1.8.5

Botnet

883444d23e24db829d7820cd9f825e2843a64421

Attributes

url4cnc
http://91.219.236.133/iot3redisium2
http://194.180.174.145/iot3redisium2
http://188.166.1.115/iot3redisium2
http://91.219.236.139/iot3redisium2
http://194.180.174.147/iot3redisium2
http://185.3.95.153/iot3redisium2
http://185.163.204.22/iot3redisium2
https://t.me/iot3redisium2

rc4.plain

rc4.plain

Targets

- Target
  
  SKM_20012022.exe
- Size
  
  22KB
- MD5
  
  50a7d165ac7c5b1c27902c1ec9e8664a
- SHA1
  
  fd0d1a825d0b4162606b1651b9f35545dd024d01
- SHA256
  
  72f4064c6ed879040bb5a91bfbcca2b4829739766dbc7c2d99b8631e5966242f
- SHA512
  
  4327513f19034bf672c30e3e4f251eb60a1475b6c7b1eeb2e5cbdaebb22f1fc288b8474094f7df9aba9af4376ac00a9806c045081d611634690dfd6df9009e41
Score

10^/10

asyncrat raccoon 883444d23e24db829d7820cd9f825e2843a64421 persistence rat stealer
- AsyncRat
  AsyncRAT is designed to remotely monitor and control other computers.
  rat asyncrat
- Raccoon
  Simple but powerful infostealer which was very active in 2019.
  stealer raccoon
- Async RAT payload
  rat
- Executes dropped EXE
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Loads dropped DLL
- Adds Run key to start application
  persistence
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

Remote System Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

asyncratraccoon883444d23e24db829d7820cd9f825e2843a64421persistenceratstealer

behavioral2

© 2018-2024

Terms | Privacy