asyncrat | cbde068b97a9081568dea732d561f26c52946ebbadf260c2305b46f369b20c9d | Triage

Submit
Reports

Overview

overview

Static

static

d7490b3cd8...f4.exe

windows7_x64

d7490b3cd8...f4.exe

windows10_x64

Sharing

General

Target

d7490b3cd8d992172d83744289079ff4.exe
Size

1.0MB
Sample

220129-k57t5shack
MD5

d7490b3cd8d992172d83744289079ff4
SHA1

8b14577b75be2e2546e090287167b0017a2ac000
SHA256

cbde068b97a9081568dea732d561f26c52946ebbadf260c2305b46f369b20c9d
SHA512

3ac675b5a7cc377b859d9619785fa9e5f834246b4ae1c77e5f3ac95bc8907b6480181da5d58753fa844e78b6391ba64ff51285ebb9f601fc2b18d410a8bfb7bd

Score

10^/10

asyncrat default microsoft phishing rat spyware stealer suricata

Static task

static1

Behavioral task

behavioral1

Sample

d7490b3cd8d992172d83744289079ff4.exe

Resource

win7-en-20211208

asyncrat default rat spyware stealer suricata

windows7_x64

0 signatures

0 seconds

Behavioral task

behavioral2

Sample

d7490b3cd8d992172d83744289079ff4.exe

Resource

win10-en-20211208

asyncrat default microsoft phishing rat spyware stealer suricata

windows10_x64

0 signatures

0 seconds

Malware Config

Extracted

Family

asyncrat

Version

0.5.7B

Botnet

Default

C2

20.98.96.97:1605

Mutex

AsyncMutex_6SI8OkPnk

Attributes

anti_vm
false
bsod
false
delay
3
install
false
install_folder
%AppData%
pastebin_config
null

aes.plain

Targets

- Target
  
  d7490b3cd8d992172d83744289079ff4.exe
- Size
  
  1.0MB
- MD5
  
  d7490b3cd8d992172d83744289079ff4
- SHA1
  
  8b14577b75be2e2546e090287167b0017a2ac000
- SHA256
  
  cbde068b97a9081568dea732d561f26c52946ebbadf260c2305b46f369b20c9d
- SHA512
  
  3ac675b5a7cc377b859d9619785fa9e5f834246b4ae1c77e5f3ac95bc8907b6480181da5d58753fa844e78b6391ba64ff51285ebb9f601fc2b18d410a8bfb7bd
Score

10^/10

asyncrat default rat spyware stealer suricata microsoft phishing
- AsyncRat
  AsyncRAT is designed to remotely monitor and control other computers.
  rat asyncrat
- suricata: ET MALWARE Observed Malicious SSL Cert (AsyncRAT Server)
  suricata: ET MALWARE Observed Malicious SSL Cert (AsyncRAT Server)
  suricata
- Async RAT payload
  rat
- Executes dropped EXE
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Drops startup file
- Loads dropped DLL
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Detected potential entity reuse from brand microsoft.
  phishing microsoft
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Credentials in Files

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Data from Local System

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

asyncratdefaultratspywarestealersuricata

behavioral2

asyncratdefaultmicrosoftphishingratspywarestealersuricata

© 2018-2024

Terms | Privacy