asyncrat | 72f4064c6ed879040bb5a91bfbcca2b4829739766dbc7c2d99b8631e5966242f | Triage

Submit
Reports

Overview

overview

Static

static

SKM_20012022.exe

windows7_x64

SKM_20012022.exe

windows10-2004_x64

Sharing

General

Target

SKM_20012022.exe
Size

22KB
Sample

220120-rpks1aacd9
MD5

50a7d165ac7c5b1c27902c1ec9e8664a
SHA1

fd0d1a825d0b4162606b1651b9f35545dd024d01
SHA256

72f4064c6ed879040bb5a91bfbcca2b4829739766dbc7c2d99b8631e5966242f
SHA512

4327513f19034bf672c30e3e4f251eb60a1475b6c7b1eeb2e5cbdaebb22f1fc288b8474094f7df9aba9af4376ac00a9806c045081d611634690dfd6df9009e41

Score

10^/10

asyncrat raccoon 883444d23e24db829d7820cd9f825e2843a64421 persistence rat stealer

Static task

static1

Behavioral task

behavioral1

Sample

SKM_20012022.exe

Resource

win7-en-20211208

asyncrat raccoon 883444d23e24db829d7820cd9f825e2843a64421 persistence rat stealer

windows7_x64

0 signatures

0 seconds

Behavioral task

behavioral2

Sample

SKM_20012022.exe

Resource

win10v2004-en-20220112

asyncrat raccoon 883444d23e24db829d7820cd9f825e2843a64421 persistence rat stealer

windows10-2004_x64

0 signatures

0 seconds

Malware Config

Extracted

Family

raccoon

Version

1.8.5

Botnet

883444d23e24db829d7820cd9f825e2843a64421

Attributes

url4cnc
http://91.219.236.133/iot3redisium2
http://194.180.174.145/iot3redisium2
http://188.166.1.115/iot3redisium2
http://91.219.236.139/iot3redisium2
http://194.180.174.147/iot3redisium2
http://185.3.95.153/iot3redisium2
http://185.163.204.22/iot3redisium2
https://t.me/iot3redisium2

rc4.plain

rc4.plain

Targets

- Target
  
  SKM_20012022.exe
- Size
  
  22KB
- MD5
  
  50a7d165ac7c5b1c27902c1ec9e8664a
- SHA1
  
  fd0d1a825d0b4162606b1651b9f35545dd024d01
- SHA256
  
  72f4064c6ed879040bb5a91bfbcca2b4829739766dbc7c2d99b8631e5966242f
- SHA512
  
  4327513f19034bf672c30e3e4f251eb60a1475b6c7b1eeb2e5cbdaebb22f1fc288b8474094f7df9aba9af4376ac00a9806c045081d611634690dfd6df9009e41
Score

10^/10

asyncrat raccoon 883444d23e24db829d7820cd9f825e2843a64421 persistence rat stealer
- AsyncRat
  AsyncRAT is designed to remotely monitor and control other computers.
  rat asyncrat
- Raccoon
  Simple but powerful infostealer which was very active in 2019.
  stealer raccoon
- Async RAT payload
  rat
- Executes dropped EXE
- Sets service image path in registry
  persistence
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Loads dropped DLL
- Adds Run key to start application
  persistence
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

Remote System Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

asyncratraccoon883444d23e24db829d7820cd9f825e2843a64421persistenceratstealer

behavioral2

asyncratraccoon883444d23e24db829d7820cd9f825e2843a64421persistenceratstealer

© 2018-2024

Terms | Privacy