asyncrat | 30fb07f3d0ff5583e496de2b238d75ef42ced2f66d9f9459e3f26ee87c5d85ce | Triage

Submit
Reports

Overview

overview

Static

static

Pratka Eco...52.rtf

windows7_x64

Pratka Eco...52.rtf

windows10-2004_x64

6

Sharing

General

Target

Pratka Econt 5300133634052.doc
Size

11KB
Sample

220224-vxj38aeffq
MD5

c13fb5c2889ecf291ba719fa5e598a8d
SHA1

df34705ab05381172150afa03f04ca090427f7f5
SHA256

30fb07f3d0ff5583e496de2b238d75ef42ced2f66d9f9459e3f26ee87c5d85ce
SHA512

7ce06e898ff9b77fbb7988266a81b88e899d4ab568c22bce47d2765a3207e82c6e8db8dd3db1f5aecbc5eb9497b9b4b246ae2cc07749f931a353976245414df0

Score

10^/10

asyncrat 1 persistence rat

Static task

static1

Behavioral task

behavioral1

Sample

Pratka Econt 5300133634052.rtf

Resource

win7-20220223-en

asyncrat 1 persistence rat

windows7_x64

0 signatures

0 seconds

Behavioral task

behavioral2

Sample

Pratka Econt 5300133634052.rtf

Resource

win10v2004-en-20220113

windows10-2004_x64

0 signatures

0 seconds

Malware Config

Extracted

Family

asyncrat

Version

0.5.7B

Botnet

1

C2

212.193.30.54:8755

Mutex

gyQ12!.,=FD7trew

Attributes

anti_vm
false
bsod
false
delay
3
install
false
install_folder
%AppData%
pastebin_config
null

aes.plain

Targets

- Target
  
  Pratka Econt 5300133634052.doc
- Size
  
  11KB
- MD5
  
  c13fb5c2889ecf291ba719fa5e598a8d
- SHA1
  
  df34705ab05381172150afa03f04ca090427f7f5
- SHA256
  
  30fb07f3d0ff5583e496de2b238d75ef42ced2f66d9f9459e3f26ee87c5d85ce
- SHA512
  
  7ce06e898ff9b77fbb7988266a81b88e899d4ab568c22bce47d2765a3207e82c6e8db8dd3db1f5aecbc5eb9497b9b4b246ae2cc07749f931a353976245414df0
Score

10^/10

asyncrat 1 persistence rat
- AsyncRat
  AsyncRAT is designed to remotely monitor and control other computers.
  rat asyncrat
- Async RAT payload
  rat
- Blocklisted process makes network request
- Downloads MZ/PE file
- Executes dropped EXE
- Loads dropped DLL
- Adds Run key to start application
  persistence
- Process spawned suspicious child process
  This child process is typically not spawned unless (for example) the parent process crashes. This typically indicates the parent process was unsuccessfully compromised.
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Exploitation for Client Execution

Persistence

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

System Information Discovery

Query Registry

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

asyncrat1persistencerat

behavioral2

© 2018-2024

Terms | Privacy