asyncrat | 8ff7fdedc9420387bcf059c5883770b0b4cb6828d1a593032fcc82cf73963d28 | Triage

Submit
Reports

Overview

overview

Static

static

KR-310820.exe

windows7_x64

KR-310820.exe

windows10-2004_x64

Sharing

General

Target

8ff7fdedc9420387bcf059c5883770b0b4cb6828d1a593032fcc82cf73963d28
Size

958KB
Sample

220521-c1fwvshhcq
MD5

2e2750cf2b5c646ab0f0528bf4eee5db
SHA1

7c9b1ee1d21b2dca19efcd07156c48f6b95c9be1
SHA256

8ff7fdedc9420387bcf059c5883770b0b4cb6828d1a593032fcc82cf73963d28
SHA512

a85c88169d5a913d62924f159f8877d8a17ef3e253260c07d6fa49e5315940ca1fbf80c2ae29b2237035063b66c37f7d4fd1defc0d3e15f3c894f44eb8c8855a

Score

10^/10

asyncrat newjob1 evasion rat

Static task

static1

Behavioral task

behavioral1

Sample

KR-310820.exe

Resource

win7-20220414-en

asyncrat newjob1 evasion rat

windows7_x64

0 signatures

0 seconds

Behavioral task

behavioral2

Sample

KR-310820.exe

Resource

win10v2004-20220414-en

asyncrat newjob1 evasion rat

windows10-2004_x64

0 signatures

0 seconds

Malware Config

Extracted

Family

asyncrat

Version

0.5.7B

Botnet

newjob1

Mutex

AsyncMutex_6SI8OkPnk

Attributes

delay
3
install
false
install_folder
%AppData%
pastebin_config
https://pastebin.com/raw/eeJq8Ku6

aes.plain

Targets

- Target
  
  KR-310820.exe
- Size
  
  896KB
- MD5
  
  685be020460aac060f121dd2d689cc2e
- SHA1
  
  eca95082e24b2d15c1cc9f18d8083b9527b23eae
- SHA256
  
  c2e6a6a4dcceeb65c2b769b92223c4b5c6de325709146391a4863dd56f4eb3d1
- SHA512
  
  c2d1330653a2a15d4a84ecaa003e4879bab4116d603a78d0e2adee92e8b0ea728ee284d7d59e73be083274637ce02df96c50ce6ee149d4b9dc4b00a43c93b055
Score

10^/10

asyncrat newjob1 evasion rat
- AsyncRat
  AsyncRAT is designed to remotely monitor and control other computers.
  rat asyncrat
- Async RAT payload
  rat
- Looks for VirtualBox Guest Additions in registry
  evasion
- Looks for VMWare Tools registry key
  evasion
- Checks BIOS information in registry
  BIOS information is often read in order to detect sandboxing environments.
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Legitimate hosting services abused for malware hosting/C2
- Maps connected drives based on registry
  Disk information is often read in order to detect sandboxing environments.
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Scheduled Task

Persistence

Scheduled Task

Privilege Escalation

Scheduled Task

Defense Evasion

Virtualization/Sandbox Evasion

Credential Access

Discovery

Query Registry

Virtualization/Sandbox Evasion

System Information Discovery

Peripheral Device Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Web Service

Impact

Tasks

static1

behavioral1

asyncratnewjob1evasionrat

behavioral2

asyncratnewjob1evasionrat

© 2018-2024

Terms | Privacy