asyncrat | 56b6838a0f76da2f937fdbe5b8c936296332f2ba576170ae775ebb3da26b3323 | Triage

Submit
Reports

Overview

overview

Static

static

Disposable...gs.exe

windows7_x64

Disposable...gs.exe

windows10-2004_x64

Sharing

General

Target

56b6838a0f76da2f937fdbe5b8c936296332f2ba576170ae775ebb3da26b3323
Size

232KB
Sample

220521-bt6y2aceb8
MD5

7654740977574da8dbfd051ab392477a
SHA1

dd3c29a88cf5819a61bab7e175f04bf2c11590b1
SHA256

56b6838a0f76da2f937fdbe5b8c936296332f2ba576170ae775ebb3da26b3323
SHA512

3409039d0c6f518dd9d022c28e92440467df24ab79992fbe100d797fb87d613f4556916cb39b6a33f1496623d457c9ed8414352e5dcdbbfc567346963e8865b1

Score

10^/10

asyncrat armaniarmani coreentity rat rezer0

Static task

static1

Behavioral task

behavioral1

Sample

Disposable Protective Clothings.exe

Resource

win7-20220414-en

asyncrat armaniarmani coreentity rat rezer0

windows7_x64

0 signatures

0 seconds

Behavioral task

behavioral2

Sample

Disposable Protective Clothings.exe

Resource

win10v2004-20220414-en

asyncrat armaniarmani rat

windows10-2004_x64

0 signatures

0 seconds

Malware Config

Extracted

Family

asyncrat

Version

0.5.6D

Botnet

ArmaniArmani

C2

185.165.153.215:6606

Mutex

uqeolevmck

Attributes

delay
1
install
false
install_folder
%AppData%

aes.plain

Targets

- Target
  
  Disposable Protective Clothings.exe
- Size
  
  376KB
- MD5
  
  a6b074c03b42a9675cdd237aa106cca2
- SHA1
  
  cc3e04c2d2ed0c0b08f4c81859f8916f4e5d8c4c
- SHA256
  
  13bcf525a0617b8107fa61cd8fc1b47bf37c7a91291c3a68724cf3edac4aeab7
- SHA512
  
  339dc09a2b3f476b81f19011f6b7118e586017a1c8dd09beff50cf2ac3f932372d7ed3e68063ae0681dae90d6457df163bce525873f14a8b8f755de22986811e
Score

10^/10

asyncrat armaniarmani coreentity rat rezer0
- AsyncRat
  AsyncRAT is designed to remotely monitor and control other computers.
  rat asyncrat
- CoreEntity .NET Packer
  A .NET packer called CoreEntity where it has embedded the payload as a BitMap object which is later decrypted.
  coreentity
- Async RAT payload
  rat
- ReZer0 packer
  Detects ReZer0, a packer with multiple versions used in various campaigns.
  rezer0
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Scheduled Task

Persistence

Scheduled Task

Privilege Escalation

Scheduled Task

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

asyncratarmaniarmani coreentityratrezer0

behavioral2

asyncratarmaniarmani rat

© 2018-2024

Terms | Privacy