asyncrat | fcd18b069a963b01f447b35ac7f12421ac36f8c577a1f19880ea0258e0505747 | Triage

Submit
Reports

Overview

overview

Static

static

116 Pax Ch...ls.vbs

windows7_x64

116 Pax Ch...ls.vbs

windows10_x64

Sharing

General

Target

116 Pax Charter Details.vbs
Size

57KB
Sample

220414-szqyfadcar
MD5

52d94e55aac61768976f39040c288eef
SHA1

e942fa64351f106b614b28e86d3a42d50e5a0443
SHA256

fcd18b069a963b01f447b35ac7f12421ac36f8c577a1f19880ea0258e0505747
SHA512

fe278c9483992b979e356ec4380182d7519d47144cf3ed9c9caaf0346c4bcb788272562f57264ac7a3a35bf67e9e36ac19ec5d5a07d9564a99360de77b72b717

Score

10^/10

asyncrat metastealer default rat stealer suricata

Static task

static1

Behavioral task

behavioral1

Sample

116 Pax Charter Details.vbs

Resource

win7-20220414-en

windows7_x64

0 signatures

0 seconds

Behavioral task

behavioral2

Sample

116 Pax Charter Details.vbs

Resource

win10-20220414-en

asyncrat metastealer default rat stealer suricata

windows10_x64

0 signatures

0 seconds

Malware Config

Extracted

Language

ps1

Deobfuscated

URLs

ps1.dropper

https://textbin.net/raw/x6lfwhnyrz

Extracted

Family

asyncrat

Version

1.0.7

Botnet

Default

C2

crazydns.linkpc.net:5900

Mutex

DcRatMutex_qwqdanchun

Attributes

delay
1
install
false
install_folder
%AppData%

aes.plain

Targets

- Target
  
  116 Pax Charter Details.vbs
- Size
  
  57KB
- MD5
  
  52d94e55aac61768976f39040c288eef
- SHA1
  
  e942fa64351f106b614b28e86d3a42d50e5a0443
- SHA256
  
  fcd18b069a963b01f447b35ac7f12421ac36f8c577a1f19880ea0258e0505747
- SHA512
  
  fe278c9483992b979e356ec4380182d7519d47144cf3ed9c9caaf0346c4bcb788272562f57264ac7a3a35bf67e9e36ac19ec5d5a07d9564a99360de77b72b717
Score

10^/10

asyncrat metastealer default rat stealer suricata
- AsyncRat
  AsyncRAT is designed to remotely monitor and control other computers.
  rat asyncrat
- Meta Stealer Stealer
  Meta Stealer steals passwords stored in browsers, written in C++.
  stealer metastealer
- suricata: ET MALWARE Observed Malicious SSL Cert (AsyncRAT)
  suricata: ET MALWARE Observed Malicious SSL Cert (AsyncRAT)
  suricata
- Async RAT payload
  rat
- Blocklisted process makes network request
- Drops startup file
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

behavioral2

asyncratmetastealerdefaultratstealersuricata

© 2018-2024

Terms | Privacy