asyncrat | 0e7d9b0985b55dbf3c9978c57f6cf0c76e36751517ad6b224cdee2fe221cc9ca | Triage

Submit
Reports

Overview

overview

Static

static

938483_293...df.exe

windows7_x64

938483_293...df.exe

windows10_x64

Sharing

General

Target

938483_2930_8483_invoice_3473_november_2021.pdf.exe
Size

1.2MB
Sample

220125-k9mprschbq
MD5

668cbb9d01d55ca7ec4e1a41d498ea34
SHA1

ee3b32d73904bc7111524611b94b058d7cabbdaa
SHA256

0e7d9b0985b55dbf3c9978c57f6cf0c76e36751517ad6b224cdee2fe221cc9ca
SHA512

5ef8541cfc6857abbb30a0a5bcc50ec7e14f0750e9695fcb4b011675cbf29fa0cd99cafc9ccb1e47d9337088da159e0d8bce7058c578bdc6171646bc9f75ca8a

Score

10^/10

asyncrat default evasion rat

Static task

static1

Behavioral task

behavioral1

Sample

938483_2930_8483_invoice_3473_november_2021.pdf.exe

Resource

win7-en-20211208

asyncrat default evasion rat

windows7_x64

0 signatures

0 seconds

Behavioral task

behavioral2

Sample

938483_2930_8483_invoice_3473_november_2021.pdf.exe

Resource

win10-en-20211208

asyncrat default evasion rat

windows10_x64

0 signatures

0 seconds

Malware Config

Extracted

Family

asyncrat

Version

0.5.7B

Botnet

Default

C2

exportmunic007.duckdns.org:6606

exportmunic007.duckdns.org:7707

exportmunic007.duckdns.org:8808

Mutex

AsyncMutex_6SI8OkPnk

Attributes

anti_vm
false
bsod
false
delay
3
install
false
install_folder
%AppData%
pastebin_config
null

aes.plain

Targets

- Target
  
  938483_2930_8483_invoice_3473_november_2021.pdf.exe
- Size
  
  1.2MB
- MD5
  
  668cbb9d01d55ca7ec4e1a41d498ea34
- SHA1
  
  ee3b32d73904bc7111524611b94b058d7cabbdaa
- SHA256
  
  0e7d9b0985b55dbf3c9978c57f6cf0c76e36751517ad6b224cdee2fe221cc9ca
- SHA512
  
  5ef8541cfc6857abbb30a0a5bcc50ec7e14f0750e9695fcb4b011675cbf29fa0cd99cafc9ccb1e47d9337088da159e0d8bce7058c578bdc6171646bc9f75ca8a
Score

10^/10

asyncrat default evasion rat
- AsyncRat
  AsyncRAT is designed to remotely monitor and control other computers.
  rat asyncrat
- Async RAT payload
  rat
- Looks for VirtualBox Guest Additions in registry
  evasion
- Looks for VMWare Tools registry key
  evasion
- Checks BIOS information in registry
  BIOS information is often read in order to detect sandboxing environments.
- Maps connected drives based on registry
  Disk information is often read in order to detect sandboxing environments.
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Virtualization/Sandbox Evasion

Credential Access

Discovery

Query Registry

Virtualization/Sandbox Evasion

System Information Discovery

Peripheral Device Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

asyncratdefaultevasionrat

behavioral2

asyncratdefaultevasionrat

© 2018-2024

Terms | Privacy