asyncrat | c9df97e0eda8b8ee3adc72d68798b6a6e25db8dc29b5e2383e2c80efc8097185 | Triage

Submit
Reports

Overview

overview

Static

static

8

c9df97e0ed...5.docm

windows7_x64

c9df97e0ed...5.docm

windows10_x64

Sharing

General

Target

c9df97e0eda8b8ee3adc72d68798b6a6e25db8dc29b5e2383e2c80efc8097185
Size

16KB
Sample

220121-25mmmscda2
MD5

051a6d10f09ce1aa3e01c6df780a2afa
SHA1

45bb94b10a08ec7c1f6796c4ad3af44f03db2127
SHA256

c9df97e0eda8b8ee3adc72d68798b6a6e25db8dc29b5e2383e2c80efc8097185
SHA512

472d03411c2fc30316e58ad432db99bca5c71c173c59920bdd93d267150bf4d465d8e194ba139309530e7ee93dd739889a199c6faf0842b65e4887287a3139cd

Score

10^/10

asyncrat macro rat

Static task

static1

Behavioral task

behavioral1

Sample

c9df97e0eda8b8ee3adc72d68798b6a6e25db8dc29b5e2383e2c80efc8097185.docm

Resource

win7-en-20211208

windows7_x64

0 signatures

0 seconds

Behavioral task

behavioral2

Sample

c9df97e0eda8b8ee3adc72d68798b6a6e25db8dc29b5e2383e2c80efc8097185.docm

Resource

win10-en-20211208

windows10_x64

0 signatures

0 seconds

Malware Config

Extracted

Language

ps1

Deobfuscated

URLs

exe.dropper

https://cdn.discordapp.com/attachments/744453703574224897/747399246788952064/AsyncClient.exe

Targets

- Target
  
  c9df97e0eda8b8ee3adc72d68798b6a6e25db8dc29b5e2383e2c80efc8097185
- Size
  
  16KB
- MD5
  
  051a6d10f09ce1aa3e01c6df780a2afa
- SHA1
  
  45bb94b10a08ec7c1f6796c4ad3af44f03db2127
- SHA256
  
  c9df97e0eda8b8ee3adc72d68798b6a6e25db8dc29b5e2383e2c80efc8097185
- SHA512
  
  472d03411c2fc30316e58ad432db99bca5c71c173c59920bdd93d267150bf4d465d8e194ba139309530e7ee93dd739889a199c6faf0842b65e4887287a3139cd
Score

10^/10

asyncrat rat
- AsyncRat
  AsyncRAT is designed to remotely monitor and control other computers.
  rat asyncrat
- Process spawned unexpected child process
  This typically indicates the parent process was compromised via an exploit or macro.
- Async RAT payload
  rat
- Blocklisted process makes network request
- Downloads MZ/PE file
- Executes dropped EXE
- Loads dropped DLL
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

behavioral2

© 2018-2024

Terms | Privacy