asyncrat | 6acd5eb47c8c0bd86c1f04947074656f1e77a48dc4f5d2b02b487b4942dfe6c9 | Triage

Submit
Reports

Overview

overview

Static

static

e326c7b157...a3.exe

windows7_x64

e326c7b157...a3.exe

windows10_x64

Sharing

General

Target

e326c7b1573790be0681dcdc109e15a3.exe
Size

68KB
Sample

220129-r21pzscga3
MD5

e326c7b1573790be0681dcdc109e15a3
SHA1

0c18ee8bce065b42ff09b034c7e92e6019d66dfd
SHA256

6acd5eb47c8c0bd86c1f04947074656f1e77a48dc4f5d2b02b487b4942dfe6c9
SHA512

305d175e5da5df650b956d433f31d8c9fc0a62430e79b048cdf530c9223928d5d693432e5a08508ecbe007b0294927c2a9b0418929de73372c7e3c8af4880dfe

Score

10^/10

asyncrat redline default opaikrito discovery infostealer rat spyware stealer

Static task

static1

rat default asyncrat

Behavioral task

behavioral1

Sample

e326c7b1573790be0681dcdc109e15a3.exe

Resource

win7-en-20211208

asyncrat redline default opaikrito discovery infostealer rat spyware stealer

windows7_x64

0 signatures

0 seconds

Behavioral task

behavioral2

Sample

e326c7b1573790be0681dcdc109e15a3.exe

Resource

win10-en-20211208

asyncrat redline default opaikrito discovery infostealer rat spyware stealer

windows10_x64

0 signatures

0 seconds

Malware Config

Extracted

Family

asyncrat

Version

1.0.7

Botnet

Default

C2

null:null

Mutex

DcRatMutex

Attributes

anti_vm
false
bsod
false
delay
1
install
true
install_file
RuntimeBroker.exe
install_folder
%AppData%
pastebin_config
https://pastebin.com/raw/SctPUR4x

aes.plain

Extracted

Family

redline

Botnet

OpaIkrito

C2

xbaxis.ddns.net:45562

Targets

- Target
  
  e326c7b1573790be0681dcdc109e15a3.exe
- Size
  
  68KB
- MD5
  
  e326c7b1573790be0681dcdc109e15a3
- SHA1
  
  0c18ee8bce065b42ff09b034c7e92e6019d66dfd
- SHA256
  
  6acd5eb47c8c0bd86c1f04947074656f1e77a48dc4f5d2b02b487b4942dfe6c9
- SHA512
  
  305d175e5da5df650b956d433f31d8c9fc0a62430e79b048cdf530c9223928d5d693432e5a08508ecbe007b0294927c2a9b0418929de73372c7e3c8af4880dfe
Score

10^/10

asyncrat redline default opaikrito discovery infostealer rat spyware stealer
- AsyncRat
  AsyncRAT is designed to remotely monitor and control other computers.
  rat asyncrat
- RedLine
  RedLine Stealer is a malware family written in C#, first appearing in early 2020.
  infostealer redline
- RedLine Payload
- Async RAT payload
  rat
- Executes dropped EXE
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Accesses cryptocurrency files/wallets, possible credential harvesting
  spyware
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
  discovery
- Legitimate hosting services abused for malware hosting/C2
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Scheduled Task

Persistence

Scheduled Task

Privilege Escalation

Scheduled Task

Defense Evasion

Credential Access

Credentials in Files

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Data from Local System

Exfiltration

Command and Control

Web Service

Impact

Tasks

static1

ratdefaultasyncrat

behavioral1

asyncratredlinedefaultopaikritodiscoveryinfostealerratspywarestealer

behavioral2

asyncratredlinedefaultopaikritodiscoveryinfostealerratspywarestealer

© 2018-2024

Terms | Privacy