asyncrat | 9d4dde887284965c3da6bcacaaf612544dc56fa72898d10d1028b006023bcf26 | Triage

Submit
Reports

Overview

overview

Static

static

Fancourier...RO.rtf

windows7_x64

Fancourier...RO.rtf

windows10-2004_x64

1

Sharing

General

Target

Fancourier 09032200754RO.doc
Size

12KB
Sample

220315-rf5rtacdh4
MD5

881bdb65541039b84660ea9110721e8b
SHA1

006488987324324f2b89dd58c743d86a29f91ec6
SHA256

9d4dde887284965c3da6bcacaaf612544dc56fa72898d10d1028b006023bcf26
SHA512

e3d214a26fb1bedd33eafa31fb2b9b3dc8f1900015c2014177c383ef05878f6cea5dc1a277ee5d685d1127bda7ea7dbd007ca2579447a80ac876831809a2b43f

Score

10^/10

asyncrat 2 persistence rat

Static task

static1

Behavioral task

behavioral1

Sample

Fancourier 09032200754RO.rtf

Resource

win7-20220311-en

asyncrat 2 persistence rat

windows7_x64

0 signatures

0 seconds

Behavioral task

behavioral2

Sample

Fancourier 09032200754RO.rtf

Resource

win10v2004-en-20220113

windows10-2004_x64

0 signatures

0 seconds

Malware Config

Extracted

Family

asyncrat

Version

0.5.7B

Botnet

2

C2

212.193.30.54:9524

Mutex

wyQ92!.,=FT72few

Attributes

anti_vm
false
bsod
false
delay
3
install
false
install_folder
%AppData%
pastebin_config
null

aes.plain

Targets

- Target
  
  Fancourier 09032200754RO.doc
- Size
  
  12KB
- MD5
  
  881bdb65541039b84660ea9110721e8b
- SHA1
  
  006488987324324f2b89dd58c743d86a29f91ec6
- SHA256
  
  9d4dde887284965c3da6bcacaaf612544dc56fa72898d10d1028b006023bcf26
- SHA512
  
  e3d214a26fb1bedd33eafa31fb2b9b3dc8f1900015c2014177c383ef05878f6cea5dc1a277ee5d685d1127bda7ea7dbd007ca2579447a80ac876831809a2b43f
Score

10^/10

asyncrat 2 persistence rat
- AsyncRat
  AsyncRAT is designed to remotely monitor and control other computers.
  rat asyncrat
- Async RAT payload
  rat
- Blocklisted process makes network request
- Downloads MZ/PE file
- Executes dropped EXE
- Loads dropped DLL
- Adds Run key to start application
  persistence
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Exploitation for Client Execution

Persistence

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

System Information Discovery

Query Registry

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

asyncrat2persistencerat

behavioral2

© 2018-2024

Terms | Privacy