asyncrat | a78f33c16f2dda006e42cd86aa82adb522c24c9bd2c7583c70007a8a58649b07 | Triage

Submit
Reports

Overview

overview

Static

static

Inquiry 14...22.rtf

windows7_x64

Inquiry 14...22.rtf

windows10-2004_x64

1

Sharing

General

Target

Inquiry 14 MARCH 2022.doc
Size

8KB
Sample

220314-xf75tsbaf2
MD5

7e923f9ed71605c75cec4a39d9ae9115
SHA1

e298bd1e7090016119eb69d8eaa158b04046026a
SHA256

a78f33c16f2dda006e42cd86aa82adb522c24c9bd2c7583c70007a8a58649b07
SHA512

e5371b267ba5c87c2cf3eb9f1b0ad26dbaee15bbe150af3a4537555a9235fe7dfde85d36d48515b149f8911d46970abd9a0160d17d264c8bf95cce768ba34796

Score

10^/10

asyncrat 2 persistence rat

Static task

static1

Behavioral task

behavioral1

Sample

Inquiry 14 MARCH 2022.rtf

Resource

win7-20220311-en

asyncrat 2 persistence rat

windows7_x64

0 signatures

0 seconds

Behavioral task

behavioral2

Sample

Inquiry 14 MARCH 2022.rtf

Resource

win10v2004-en-20220113

windows10-2004_x64

0 signatures

0 seconds

Malware Config

Extracted

Family

asyncrat

Version

0.5.7B

Botnet

2

C2

212.193.30.54:9524

Mutex

wyQ92!.,=FT72few

Attributes

anti_vm
false
bsod
false
delay
3
install
false
install_folder
%AppData%
pastebin_config
null

aes.plain

Targets

- Target
  
  Inquiry 14 MARCH 2022.doc
- Size
  
  8KB
- MD5
  
  7e923f9ed71605c75cec4a39d9ae9115
- SHA1
  
  e298bd1e7090016119eb69d8eaa158b04046026a
- SHA256
  
  a78f33c16f2dda006e42cd86aa82adb522c24c9bd2c7583c70007a8a58649b07
- SHA512
  
  e5371b267ba5c87c2cf3eb9f1b0ad26dbaee15bbe150af3a4537555a9235fe7dfde85d36d48515b149f8911d46970abd9a0160d17d264c8bf95cce768ba34796
Score

10^/10

asyncrat 2 persistence rat
- AsyncRat
  AsyncRAT is designed to remotely monitor and control other computers.
  rat asyncrat
- Async RAT payload
  rat
- Blocklisted process makes network request
- Downloads MZ/PE file
- Executes dropped EXE
- Loads dropped DLL
- Adds Run key to start application
  persistence
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Exploitation for Client Execution

Persistence

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

System Information Discovery

Query Registry

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

asyncrat2persistencerat

behavioral2

© 2018-2024

Terms | Privacy