asyncrat | 870a4cfc58c388361c8834701aa8112a0de4155305e92aedc66e0384813d3439 | Triage

Submit
Reports

Overview

overview

Static

static

5ae748c103...a6.exe

windows7_x64

5ae748c103...a6.exe

windows10_x64

Sharing

General

Target

5ae748c103a50cdd6d338506a153caa6.exe
Size

268KB
Sample

220124-zd5yssaag8
MD5

5ae748c103a50cdd6d338506a153caa6
SHA1

cfc4f248b309c6e8ac5b8031a2a4d614a48c5ea7
SHA256

870a4cfc58c388361c8834701aa8112a0de4155305e92aedc66e0384813d3439
SHA512

b7a354d56a07aede8eef9357985545c3a576a788fb6b6c11b88401ea9f81d3f5637ca63cc399f6096a96d4c73425d9e7787fa63d7b51cb72424b5d565bec5682

Score

10^/10

asyncrat redline xmrig @xbaxissxx cheat default discovery infostealer miner rat spyware stealer

Static task

static1

rat default asyncrat

Behavioral task

behavioral1

Sample

5ae748c103a50cdd6d338506a153caa6.exe

Resource

win7-en-20211208

asyncrat redline xmrig @xbaxissxx cheat default discovery infostealer miner rat spyware stealer

windows7_x64

0 signatures

0 seconds

Behavioral task

behavioral2

Sample

5ae748c103a50cdd6d338506a153caa6.exe

Resource

win10-en-20211208

asyncrat redline @xbaxissxx cheat default discovery infostealer rat spyware stealer

windows10_x64

0 signatures

0 seconds

Malware Config

Extracted

Family

asyncrat

Version

1.0.7

Botnet

Default

C2

null:null

Mutex

DcRatMutex

Attributes

anti_vm
false
bsod
false
delay
1
install
true
install_file
RuntimeBroker.exe
install_folder
%AppData%
pastebin_config
https://pastebin.com/raw/SctPUR4x

aes.plain

Extracted

Family

redline

Botnet

cheat

C2

rat3000.ddns.net:56698

Extracted

Family

redline

Botnet

@xbaxissxx

C2

137.117.100.173:36513

Targets

- Target
  
  5ae748c103a50cdd6d338506a153caa6.exe
- Size
  
  268KB
- MD5
  
  5ae748c103a50cdd6d338506a153caa6
- SHA1
  
  cfc4f248b309c6e8ac5b8031a2a4d614a48c5ea7
- SHA256
  
  870a4cfc58c388361c8834701aa8112a0de4155305e92aedc66e0384813d3439
- SHA512
  
  b7a354d56a07aede8eef9357985545c3a576a788fb6b6c11b88401ea9f81d3f5637ca63cc399f6096a96d4c73425d9e7787fa63d7b51cb72424b5d565bec5682
Score

10^/10

asyncrat redline xmrig @xbaxissxx cheat default discovery infostealer miner rat spyware stealer
- AsyncRat
  AsyncRAT is designed to remotely monitor and control other computers.
  rat asyncrat
- RedLine
  RedLine Stealer is a malware family written in C#, first appearing in early 2020.
  infostealer redline
- RedLine Payload
- xmrig
  XMRig is a high performance, open source, cross platform CPU/GPU miner.
  miner xmrig
- Async RAT payload
  rat
- XMRig Miner Payload
  miner
- Executes dropped EXE
- Loads dropped DLL
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Accesses cryptocurrency files/wallets, possible credential harvesting
  spyware
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
  discovery
- Legitimate hosting services abused for malware hosting/C2
- Drops file in System32 directory
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Scheduled Task

Persistence

Scheduled Task

Privilege Escalation

Scheduled Task

Defense Evasion

Credential Access

Credentials in Files

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Data from Local System

Exfiltration

Command and Control

Web Service

Impact

Tasks

static1

ratdefaultasyncrat

behavioral1

asyncratredlinexmrig@xbaxissxxcheatdefaultdiscoveryinfostealerminerratspywarestealer

behavioral2

asyncratredline@xbaxissxxcheatdefaultdiscoveryinfostealerratspywarestealer

© 2018-2024

Terms | Privacy