asyncrat | 0ee87c38a46c1e2c3e7d21e0108b12b78b2083eee3bb9beee031fcd6340d3632 | Triage

Submit
Reports

Overview

overview

Static

static

Fancourier...RO.rtf

windows7_x64

Fancourier...RO.rtf

windows10-2004_x64

1

Sharing

General

Target

Fancourier 09032200754RO.doc
Size

9KB
Sample

220314-xemgqsbad8
MD5

afaba454894f4a81bd7bddab3deec9f2
SHA1

f781efbf3b7270e429a79e7410db0b1c62a502e2
SHA256

0ee87c38a46c1e2c3e7d21e0108b12b78b2083eee3bb9beee031fcd6340d3632
SHA512

931e8c92a64501439b002400cd1d38392c44fd7a4819796d0aebe06f5a9f612d0da74048217c3ab53cf92a14be260732971560646a1701bf49c5b8171ef3a72a

Score

10^/10

asyncrat 2 persistence rat

Static task

static1

Behavioral task

behavioral1

Sample

Fancourier 09032200754RO.rtf

Resource

win7-20220311-en

asyncrat 2 persistence rat

windows7_x64

0 signatures

0 seconds

Behavioral task

behavioral2

Sample

Fancourier 09032200754RO.rtf

Resource

win10v2004-en-20220113

windows10-2004_x64

0 signatures

0 seconds

Malware Config

Extracted

Family

asyncrat

Version

0.5.7B

Botnet

2

C2

212.193.30.54:9524

Mutex

wyQ92!.,=FT72few

Attributes

anti_vm
false
bsod
false
delay
3
install
false
install_folder
%AppData%
pastebin_config
null

aes.plain

Targets

- Target
  
  Fancourier 09032200754RO.doc
- Size
  
  9KB
- MD5
  
  afaba454894f4a81bd7bddab3deec9f2
- SHA1
  
  f781efbf3b7270e429a79e7410db0b1c62a502e2
- SHA256
  
  0ee87c38a46c1e2c3e7d21e0108b12b78b2083eee3bb9beee031fcd6340d3632
- SHA512
  
  931e8c92a64501439b002400cd1d38392c44fd7a4819796d0aebe06f5a9f612d0da74048217c3ab53cf92a14be260732971560646a1701bf49c5b8171ef3a72a
Score

10^/10

asyncrat 2 persistence rat
- AsyncRat
  AsyncRAT is designed to remotely monitor and control other computers.
  rat asyncrat
- Async RAT payload
  rat
- Blocklisted process makes network request
- Downloads MZ/PE file
- Executes dropped EXE
- Loads dropped DLL
- Adds Run key to start application
  persistence
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Exploitation for Client Execution

Persistence

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

System Information Discovery

Query Registry

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

asyncrat2persistencerat

behavioral2

© 2018-2024

Terms | Privacy