asyncrat | beeaf2d429366f0fc23e5934c3c27cbea8fd6deec0d9a88395baa807836d78bf | Triage

Submit
Reports

Overview

overview

Static

static

顧客訂�...20.exe

windows7_x64

顧客訂�...20.exe

windows10-2004_x64

Sharing

General

Target

beeaf2d429366f0fc23e5934c3c27cbea8fd6deec0d9a88395baa807836d78bf
Size

297KB
Sample

220520-19zx4aehg9
MD5

55a4a8bde8896304baddaf01b2cc4b63
SHA1

5a181c4ed84929e17ce2db62f8e4ed3595d5155e
SHA256

beeaf2d429366f0fc23e5934c3c27cbea8fd6deec0d9a88395baa807836d78bf
SHA512

8cbf51c6bf1f907891f0dcb9a3e1f101bd3483cc89cc64b644e743bf9c1bab8a5dfbb377562bdd990e7ca05cc7ac0aa2b47c335c1da5eba62a928d67591d6176

Score

10^/10

asyncrat god's mercy rat

Static task

static1

Behavioral task

behavioral1

Sample

顧客訂單_081720.exe

Resource

win7-20220414-en

asyncrat god's mercy rat

windows7_x64

0 signatures

0 seconds

Behavioral task

behavioral2

Sample

顧客訂單_081720.exe

Resource

win10v2004-20220414-en

asyncrat god's mercy rat

windows10-2004_x64

0 signatures

0 seconds

Malware Config

Extracted

Family

asyncrat

Version

0.5.7B

Botnet

GOD'S MERCY

Mutex

AsyncMutex_6SI8OkPnk

Attributes

delay
3
install
false
install_folder
%AppData%
pastebin_config
https://pastebin.com/raw/reQxa5Ah

aes.plain

Targets

- Target
  
  顧客訂單_081720.exe
- Size
  
  399KB
- MD5
  
  fca5062e93aad2523c6bb28f1147629d
- SHA1
  
  9269d7bdd9332107c524ad9280dfb8cef0bcc6a2
- SHA256
  
  9be04012b4927a7e93498068acaaac6e157192df66509a20079fa39084735247
- SHA512
  
  9195d99b6d8c547920a13f7a483fa71706145f09f1aa7ea3c552e5d48ed9a824314ccaefa30b0a869bbc7a6c82483be350a8ca759ac3eeabe9026432c104ab45
Score

10^/10

asyncrat god's mercy rat
- AsyncRat
  AsyncRAT is designed to remotely monitor and control other computers.
  rat asyncrat
- Async RAT payload
  rat
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Legitimate hosting services abused for malware hosting/C2
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Scheduled Task

Persistence

Scheduled Task

Privilege Escalation

Scheduled Task

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Web Service

Impact

Tasks

static1

behavioral1

asyncratgod's mercyrat

behavioral2

asyncratgod's mercyrat

© 2018-2024

Terms | Privacy