asyncrat | bada7e61229d4c6bba936e8b163034b3421680c1f4ebbc69160fc96fc5bdb8ca | Triage

Submit
Reports

Overview

overview

Static

static

af1e6b53fc...10.exe

windows7_x64

af1e6b53fc...10.exe

windows10_x64

1

Sharing

General

Target

af1e6b53fc3e4679bedd29c25e057b10.exe
Size

3.9MB
Sample

220122-r757nabhcm
MD5

af1e6b53fc3e4679bedd29c25e057b10
SHA1

f5a82edb61a2a0c896406b4cc48c9d1bd5bb082e
SHA256

bada7e61229d4c6bba936e8b163034b3421680c1f4ebbc69160fc96fc5bdb8ca
SHA512

009298300cb8e631c2d28f34268900d8015fe8bbd2e7c21f5eda320a76debea6057a8207d5b30c193f6a182064c4bafeca98ec502a713de70969040191fdedc6

Score

10^/10

asyncrat persistence rat suricata

Static task

static1

Behavioral task

behavioral1

Sample

af1e6b53fc3e4679bedd29c25e057b10.exe

Resource

win7-en-20211208

asyncrat persistence rat suricata

windows7_x64

0 signatures

0 seconds

Behavioral task

behavioral2

Sample

af1e6b53fc3e4679bedd29c25e057b10.exe

Resource

win10-en-20211208

windows10_x64

0 signatures

0 seconds

Malware Config

Extracted

Family

asyncrat

Version

0.5.6B

C2

s1995.ddns.net:5000

Mutex

umgxmwaynloootia

Attributes

anti_vm
false
bsod
false
delay
5
install
true
install_file
zwindows.exe
install_folder
%AppData%
pastebin_config
null

aes.plain

Targets

- Target
  
  af1e6b53fc3e4679bedd29c25e057b10.exe
- Size
  
  3.9MB
- MD5
  
  af1e6b53fc3e4679bedd29c25e057b10
- SHA1
  
  f5a82edb61a2a0c896406b4cc48c9d1bd5bb082e
- SHA256
  
  bada7e61229d4c6bba936e8b163034b3421680c1f4ebbc69160fc96fc5bdb8ca
- SHA512
  
  009298300cb8e631c2d28f34268900d8015fe8bbd2e7c21f5eda320a76debea6057a8207d5b30c193f6a182064c4bafeca98ec502a713de70969040191fdedc6
Score

10^/10

asyncrat persistence rat suricata
- AsyncRat
  AsyncRAT is designed to remotely monitor and control other computers.
  rat asyncrat
- suricata: ET MALWARE Observed Malicious SSL Cert (AsyncRAT Server)
  suricata: ET MALWARE Observed Malicious SSL Cert (AsyncRAT Server)
  suricata
- suricata: ET MALWARE Terse alphanumeric executable downloader high likelihood of being hostile
  suricata: ET MALWARE Terse alphanumeric executable downloader high likelihood of being hostile
  suricata
- Async RAT payload
  rat
- Downloads MZ/PE file
- Executes dropped EXE
- Loads dropped DLL
- Adds Run key to start application
  persistence
- Legitimate hosting services abused for malware hosting/C2
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Scheduled Task

Persistence

Registry Run Keys / Startup Folder

Scheduled Task

Privilege Escalation

Scheduled Task

Defense Evasion

Modify Registry

Credential Access

Discovery

System Information Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Web Service

Impact

Tasks

static1

behavioral1

asyncratpersistenceratsuricata

behavioral2

© 2018-2024

Terms | Privacy