asyncrat | 74d6ce17a5ef1abd3c1c2bf8b9cc472bc8f3816299a06498cc7266c8f479beae | Triage

Submit
Reports

Overview

overview

Static

static

1698db1832...6f.exe

windows7_x64

1698db1832...6f.exe

windows10-2004_x64

8

Sharing

General

Target

1698db183216accc635a1495991ba96f.exe
Size

500KB
Sample

220120-y8ejnabee4
MD5

1698db183216accc635a1495991ba96f
SHA1

ea0332707c2e008dacd1023fcc201850f972f387
SHA256

74d6ce17a5ef1abd3c1c2bf8b9cc472bc8f3816299a06498cc7266c8f479beae
SHA512

3bb9e69ad94fb083530b91b24c20c2ae45e5d41333a305c3e43cbcabc44ef92232509501ad915cd5a77bc06940f5a2ad8e5f6da45b13c379392823429ff04687

Score

10^/10

asyncrat digi persistence rat

Static task

static1

Behavioral task

behavioral1

Sample

1698db183216accc635a1495991ba96f.exe

Resource

win7-en-20211208

asyncrat digi persistence rat

windows7_x64

0 signatures

0 seconds

Behavioral task

behavioral2

Sample

1698db183216accc635a1495991ba96f.exe

Resource

win10v2004-en-20220112

windows10-2004_x64

0 signatures

0 seconds

Malware Config

Extracted

Family

asyncrat

Version

0.5.7B

Botnet

digi

C2

deli.mywire.org:6606

deli.mywire.org:7707

deli.mywire.org:8808

kingspy.mywire.org:6606

kingspy.mywire.org:7707

kingspy.mywire.org:8808

kraldeli.linkpc.net:6606

kraldeli.linkpc.net:7707

kraldeli.linkpc.net:8808

Mutex

AsyncMutex_6SI8OkPnk

Attributes

anti_vm
false
bsod
false
delay
3
install
false
install_folder
%AppData%
pastebin_config
null

aes.plain

Targets

- Target
  
  1698db183216accc635a1495991ba96f.exe
- Size
  
  500KB
- MD5
  
  1698db183216accc635a1495991ba96f
- SHA1
  
  ea0332707c2e008dacd1023fcc201850f972f387
- SHA256
  
  74d6ce17a5ef1abd3c1c2bf8b9cc472bc8f3816299a06498cc7266c8f479beae
- SHA512
  
  3bb9e69ad94fb083530b91b24c20c2ae45e5d41333a305c3e43cbcabc44ef92232509501ad915cd5a77bc06940f5a2ad8e5f6da45b13c379392823429ff04687
Score

10^/10

asyncrat digi persistence rat
- AsyncRat
  AsyncRAT is designed to remotely monitor and control other computers.
  rat asyncrat
- Modifies WinLogon for persistence
  persistence
- Async RAT payload
  rat
- Sets service image path in registry
  persistence
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Winlogon Helper DLL

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

asyncratdigipersistencerat

behavioral2

© 2018-2024

Terms | Privacy