asyncrat | f32fc896121944f9c4708aec496bddd7a1e774c82e9807371f020a865971d8b7 | Triage

Submit
Reports

Overview

overview

Static

static

DHL-RELC-R...XP.exe

windows7_x64

DHL-RELC-R...XP.exe

windows10-2004_x64

Sharing

General

Target

f32fc896121944f9c4708aec496bddd7a1e774c82e9807371f020a865971d8b7
Size

258KB
Sample

220521-cacrhsdeb9
MD5

7d156495096949bdc72cb97fb0479d27
SHA1

fd2a1ad9f9b65cb97433ac6c3c80bcf6f68e0ed8
SHA256

f32fc896121944f9c4708aec496bddd7a1e774c82e9807371f020a865971d8b7
SHA512

86a5ddae9fd3ec4c25b7f705ffb593a21880e0626796744eb2346b1f5aa69ac2605b6e310c41190c7affcf2ffc610a4163efe0b2f67f443b6afe608b04146349

Score

10^/10

asyncrat unitybankforallman coreentity rat rezer0

Static task

static1

Behavioral task

behavioral1

Sample

DHL-RELC-REFERN-DHL-COVERALS5RrLEIlzVa4iXP.exe

Resource

win7-20220414-en

asyncrat unitybankforallman coreentity rat rezer0

windows7_x64

0 signatures

0 seconds

Behavioral task

behavioral2

Sample

DHL-RELC-REFERN-DHL-COVERALS5RrLEIlzVa4iXP.exe

Resource

win10v2004-20220414-en

asyncrat unitybankforallman rat

windows10-2004_x64

0 signatures

0 seconds

Malware Config

Extracted

Family

asyncrat

Version

0.5.6D

Botnet

UNITYBANKFORALLMAN

C2

makesureeasteats.duckdns.org:6606

Mutex

uqeolevmck

Attributes

delay
1
install
false
install_folder
%AppData%

aes.plain

Targets

- Target
  
  DHL-RELC-REFERN-DHL-COVERALS5RrLEIlzVa4iXP.exe
- Size
  
  374KB
- MD5
  
  e3d8daec720c0cf54420951020cffdf8
- SHA1
  
  5982d17e7a1cb3105830e51b9fe05596739c51fa
- SHA256
  
  6a1ebc534faa5e6c5535181838e95c95a5271f519b2fdc8cca011d7477a2584b
- SHA512
  
  17483468279dfb3cddc08442cab7bd65c95fc63b47f2ed72bec28877b538f8332173cfcba18a41a62c20a80f9f84b36ab027f4cc17982894a237b79343b73c29
Score

10^/10

asyncrat unitybankforallman coreentity rat rezer0
- AsyncRat
  AsyncRAT is designed to remotely monitor and control other computers.
  rat asyncrat
- CoreEntity .NET Packer
  A .NET packer called CoreEntity where it has embedded the payload as a BitMap object which is later decrypted.
  coreentity
- Async RAT payload
  rat
- ReZer0 packer
  Detects ReZer0, a packer with multiple versions used in various campaigns.
  rezer0
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Scheduled Task

Persistence

Scheduled Task

Privilege Escalation

Scheduled Task

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

asyncratunitybankforallmancoreentityratrezer0

behavioral2

asyncratunitybankforallmanrat

© 2018-2024

Terms | Privacy