asyncrat | 880b48dd4db9c59c37e8ba48f11b7aabc0990413f3808fa19df9c913e6831ec9 | Triage

Submit
Reports

Overview

overview

Static

static

880b48dd4d...c9.exe

windows7_x64

880b48dd4d...c9.exe

windows10-2004_x64

Sharing

General

Target

880b48dd4db9c59c37e8ba48f11b7aabc0990413f3808fa19df9c913e6831ec9
Size

903KB
Sample

220201-fxsm2ahbhm
MD5

8e68370433ab06b8e88bdf181e8a3145
SHA1

c77534b6c2e810dfd3e04d483cf67aa130884df9
SHA256

880b48dd4db9c59c37e8ba48f11b7aabc0990413f3808fa19df9c913e6831ec9
SHA512

50da06632b350a59a5aa34e6870f954f320895f2202e4f0abfb0b6e9ffe347456fac173791f84f419608298798228ba35433a5e2883b13fff2f1055d86cc3bff

Score

10^/10

asyncrat agilenet persistence rat

Static task

static1

Behavioral task

behavioral1

Sample

880b48dd4db9c59c37e8ba48f11b7aabc0990413f3808fa19df9c913e6831ec9.exe

Resource

win7-en-20211208

asyncrat agilenet rat

windows7_x64

0 signatures

0 seconds

Behavioral task

behavioral2

Sample

880b48dd4db9c59c37e8ba48f11b7aabc0990413f3808fa19df9c913e6831ec9.exe

Resource

win10v2004-en-20220112

asyncrat persistence rat

windows10-2004_x64

0 signatures

0 seconds

Malware Config

Extracted

Family

asyncrat

Version

0.5.6A

C2

peacelist.ignorelist.com:7707

peacelist.ignorelist.com:8808

peacelist.ignorelist.com:5505

Mutex

FTPgbnffd

Attributes

anti_vm
false
bsod
false
delay
10
install
true
install_file
shost.exe
install_folder
%AppData%
pastebin_config
null

aes.plain

Targets

- Target
  
  880b48dd4db9c59c37e8ba48f11b7aabc0990413f3808fa19df9c913e6831ec9
- Size
  
  903KB
- MD5
  
  8e68370433ab06b8e88bdf181e8a3145
- SHA1
  
  c77534b6c2e810dfd3e04d483cf67aa130884df9
- SHA256
  
  880b48dd4db9c59c37e8ba48f11b7aabc0990413f3808fa19df9c913e6831ec9
- SHA512
  
  50da06632b350a59a5aa34e6870f954f320895f2202e4f0abfb0b6e9ffe347456fac173791f84f419608298798228ba35433a5e2883b13fff2f1055d86cc3bff
Score

10^/10

asyncrat agilenet rat persistence
- AsyncRat
  AsyncRAT is designed to remotely monitor and control other computers.
  rat asyncrat
- Async RAT payload
  rat
- Executes dropped EXE
- Sets service image path in registry
  persistence
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Loads dropped DLL
- Obfuscated with Agile.Net obfuscator
  Detects use of the Agile.Net commercial obfuscator, which is capable of entity renaming and control flow obfuscation.
  agilenet
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Scheduled Task

Persistence

Registry Run Keys / Startup Folder

Scheduled Task

Privilege Escalation

Scheduled Task

Defense Evasion

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

asyncratagilenetrat

behavioral2

asyncratpersistencerat

© 2018-2024

Terms | Privacy