asyncrat | 7867c54c88c7ff0ae6687c0f6ab6c903e1b42ac9aaa17744c85da6f9a824d5f9 | Triage

Submit
Reports

Overview

overview

Static

static

Summer_ric...20.exe

windows7_x64

Summer_ric...20.exe

windows10-2004_x64

Sharing

General

Target

7867c54c88c7ff0ae6687c0f6ab6c903e1b42ac9aaa17744c85da6f9a824d5f9
Size

165KB
Sample

220520-29gl7agdh3
MD5

aeaa127b1568b9a60c166f4822091a66
SHA1

dad5ba684612abbae87ab124a85b2334a21df8af
SHA256

7867c54c88c7ff0ae6687c0f6ab6c903e1b42ac9aaa17744c85da6f9a824d5f9
SHA512

600f583e5a22cd1f2c6c11101b7f036aeba4aa5fc682af84d9d206c8edcc13ae8e6ea0e0953c4e67560004774ca1f1cb66561fdcf7b026653963eda0644158b2

Score

10^/10

asyncrat god's mercy rat

Static task

static1

Behavioral task

behavioral1

Sample

Summer_richiesta_di_preventivo_070820.exe

Resource

win7-20220414-en

asyncrat god's mercy rat

windows7_x64

0 signatures

0 seconds

Behavioral task

behavioral2

Sample

Summer_richiesta_di_preventivo_070820.exe

Resource

win10v2004-20220414-en

asyncrat god's mercy rat

windows10-2004_x64

0 signatures

0 seconds

Malware Config

Extracted

Family

asyncrat

Version

0.5.7B

Botnet

GOD'S MERCY

Mutex

AsyncMutex_6SI8OkPnk

Attributes

delay
3
install
false
install_folder
%AppData%
pastebin_config
https://pastebin.com/raw/reQxa5Ah

aes.plain

Targets

- Target
  
  Summer_richiesta_di_preventivo_070820.exe
- Size
  
  248KB
- MD5
  
  5cc4ae3ea66ca80fa701b8e1ff5b8793
- SHA1
  
  148d80f999f069a5fd027eabfc9eae7d08f8e39b
- SHA256
  
  427254247932e569d3f40be5ce149266b0a87ed13756ab558818dae5dcabb44a
- SHA512
  
  18416940b4983137e22cc52a473cd73217307981b0ce7705180e5cd5c3e60ba8b17d2fddf1f0547668c6b1c385e6e01ad6bfc1fd4836dd41e2941b21bd2a7706
Score

10^/10

asyncrat god's mercy rat
- AsyncRat
  AsyncRAT is designed to remotely monitor and control other computers.
  rat asyncrat
- Async RAT payload
  rat
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Legitimate hosting services abused for malware hosting/C2
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Scheduled Task

Persistence

Scheduled Task

Privilege Escalation

Scheduled Task

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Web Service

Impact

Tasks

static1

behavioral1

asyncratgod's mercyrat

behavioral2

asyncratgod's mercyrat

© 2018-2024

Terms | Privacy