asyncrat | 4cd3516445804b6db6def641799df96a0ceb4d74db20ea631a833944816f93f6 | Triage

Submit
Reports

Overview

overview

Static

static

disposable...SK.exe

windows7_x64

disposable...SK.exe

windows10-2004_x64

Sharing

General

Target

4cd3516445804b6db6def641799df96a0ceb4d74db20ea631a833944816f93f6
Size

233KB
Sample

220521-b16a3sfhdr
MD5

e0d2700717c9cedf057afc5a81301809
SHA1

cf5e16bba33cabaf311fdf6d4ba633f987857784
SHA256

4cd3516445804b6db6def641799df96a0ceb4d74db20ea631a833944816f93f6
SHA512

77507489bd6ab423c55e5293dfd5f92481b3d68212df52d37da3cceba687063071b34b2848870d7a3e3b7bcee891728f4632395463bfb1dc013d980638feccd8

Score

10^/10

asyncrat mekuskic coreentity rat rezer0

Static task

static1

Behavioral task

behavioral1

Sample

disposable-ppe-plus7269210-coverall-FACE-MASK.exe

Resource

win7-20220414-en

asyncrat mekuskic coreentity rat rezer0

windows7_x64

0 signatures

0 seconds

Behavioral task

behavioral2

Sample

disposable-ppe-plus7269210-coverall-FACE-MASK.exe

Resource

win10v2004-20220414-en

asyncrat mekuskic rat

windows10-2004_x64

0 signatures

0 seconds

Malware Config

Extracted

Family

asyncrat

Version

0.5.6D

Botnet

MEKUSKIC

C2

185.165.153.215:6606

Mutex

uqeolevmck

Attributes

delay
1
install
false
install_folder
%AppData%

aes.plain

Targets

- Target
  
  disposable-ppe-plus7269210-coverall-FACE-MASK.exe
- Size
  
  378KB
- MD5
  
  1e481676baa52debdfe61bbee086973f
- SHA1
  
  94d010cb79798bccd7506634a3ff66b2724e29d4
- SHA256
  
  41b228a6fc3e91dfbc8f98db716e3ca175a97e57fecd22e4ba13fb7ba9070750
- SHA512
  
  6455afc5224312be0f0e2e1393c70ab78c9c88a779e0397b4807faf0b92d5372f311913e7c52020c3c694714ad397d57200b1e6e5fcf0e0b9e43b72356d8c443
Score

10^/10

asyncrat mekuskic coreentity rat rezer0
- AsyncRat
  AsyncRAT is designed to remotely monitor and control other computers.
  rat asyncrat
- CoreEntity .NET Packer
  A .NET packer called CoreEntity where it has embedded the payload as a BitMap object which is later decrypted.
  coreentity
- Async RAT payload
  rat
- ReZer0 packer
  Detects ReZer0, a packer with multiple versions used in various campaigns.
  rezer0
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Scheduled Task

Persistence

Scheduled Task

Privilege Escalation

Scheduled Task

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

asyncratmekuskiccoreentityratrezer0

behavioral2

asyncratmekuskicrat

© 2018-2024

Terms | Privacy