asyncrat | 4a9683f3b6658f4895cd3d44c4920d77db5dfd410cf0dc188e4f4d2740c24539 | Triage

Submit
Reports

Overview

overview

Static

static

Factura 00...65.xll

windows7_x64

Factura 00...65.xll

windows10-2004_x64

4

Sharing

General

Target

Factura 0000000065.xll
Size

638KB
Sample

220222-j1kndaedf6
MD5

a673f1b64b97384cdb86e148a94188e8
SHA1

2f924ea70a3a8c7b3c5808af437cb895f90f588a
SHA256

4a9683f3b6658f4895cd3d44c4920d77db5dfd410cf0dc188e4f4d2740c24539
SHA512

0eaaf0d09a828b7289e75e3c92bfb70b5a168031b7670f6eb6c74a0104b448b58f9bb30a09295141e23d0ea60b4571d9f0b220b4e61c38fd81197fc31e254002

Score

10^/10

asyncrat 1 persistence rat spyware stealer

Static task

static1

Behavioral task

behavioral1

Sample

Factura 0000000065.xll

Resource

win7-en-20211208

asyncrat 1 persistence rat spyware stealer

windows7_x64

0 signatures

0 seconds

Behavioral task

behavioral2

Sample

Factura 0000000065.xll

Resource

win10v2004-en-20220112

windows10-2004_x64

0 signatures

0 seconds

Malware Config

Extracted

Family

asyncrat

Version

0.5.7B

Botnet

1

C2

212.193.30.54:8755

Mutex

gyQ12!.,=FD7trew

Attributes

anti_vm
false
bsod
false
delay
3
install
false
install_folder
%AppData%
pastebin_config
null

aes.plain

Targets

- Target
  
  Factura 0000000065.xll
- Size
  
  638KB
- MD5
  
  a673f1b64b97384cdb86e148a94188e8
- SHA1
  
  2f924ea70a3a8c7b3c5808af437cb895f90f588a
- SHA256
  
  4a9683f3b6658f4895cd3d44c4920d77db5dfd410cf0dc188e4f4d2740c24539
- SHA512
  
  0eaaf0d09a828b7289e75e3c92bfb70b5a168031b7670f6eb6c74a0104b448b58f9bb30a09295141e23d0ea60b4571d9f0b220b4e61c38fd81197fc31e254002
Score

10^/10

asyncrat 1 persistence rat spyware stealer
- AsyncRat
  AsyncRAT is designed to remotely monitor and control other computers.
  rat asyncrat
- Async RAT payload
  rat
- Downloads MZ/PE file
- Executes dropped EXE
- Loads dropped DLL
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Adds Run key to start application
  persistence
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Credentials in Files

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Data from Local System

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

asyncrat1persistenceratspywarestealer

behavioral2

© 2018-2024

Terms | Privacy