asyncrat | e3ec61e0c6ac38b3d6d1371fa70634fa7f1b9bbefc7b2980d875982ba852ec63 | Triage

Submit
Reports

Overview

overview

Static

static

AWB#530532...df.exe

windows7_x64

AWB#530532...df.exe

windows10-2004_x64

Sharing

General

Target

e3ec61e0c6ac38b3d6d1371fa70634fa7f1b9bbefc7b2980d875982ba852ec63
Size

240KB
Sample

220521-cd26ksdfh8
MD5

5cc5eb847777a649da39a1b452be18eb
SHA1

d150248fe74342c94b69fb9d1a19731cadb68522
SHA256

e3ec61e0c6ac38b3d6d1371fa70634fa7f1b9bbefc7b2980d875982ba852ec63
SHA512

cb9e638bb28d3e84bb1f5e1a2db5f42e6b60ca0f4ffc403cfe55fedb0716677dfe199309d3ffed3554c5cd037f7de5f865f9991f5bd5cb5d6d28944116d76568

Score

10^/10

asyncrat may11thup coreentity rat rezer0

Static task

static1

Behavioral task

behavioral1

Sample

AWB#5305323204643,pdf.exe

Resource

win7-20220414-en

asyncrat may11thup coreentity rat rezer0

windows7_x64

0 signatures

0 seconds

Behavioral task

behavioral2

Sample

AWB#5305323204643,pdf.exe

Resource

win10v2004-20220414-en

asyncrat may11thup rat

windows10-2004_x64

0 signatures

0 seconds

Malware Config

Extracted

Family

asyncrat

Version

0.5.7B

Botnet

MAY11thUP

Mutex

chizzy25@!7^UP

Attributes

delay
3
install
false
install_folder
%AppData%
pastebin_config
https://pastebin.com/raw/HKYwiN9V

aes.plain

Targets

- Target
  
  AWB#5305323204643,pdf.exe
- Size
  
  180KB
- MD5
  
  9be5fc19a414a94352b127af2424ac86
- SHA1
  
  8ae697c2bce8190f4bc324e0553ca111dd9bb8a6
- SHA256
  
  fba5658815c50ae760c7baf3e1bd1bc7f3f78a7bf71066c4b4502b755b35826c
- SHA512
  
  2486d1945fcf5491db7ee9938a327fcfb1f88d98be52d4c7905a79821cc3188e030a44892364c2c6d38c6154dfef98f0423f75a8078c004183e192706889705d
Score

10^/10

asyncrat may11thup coreentity rat rezer0
- AsyncRat
  AsyncRAT is designed to remotely monitor and control other computers.
  rat asyncrat
- CoreEntity .NET Packer
  A .NET packer called CoreEntity where it has embedded the payload as a BitMap object which is later decrypted.
  coreentity
- Async RAT payload
  rat
- ReZer0 packer
  Detects ReZer0, a packer with multiple versions used in various campaigns.
  rezer0
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Legitimate hosting services abused for malware hosting/C2
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Scheduled Task

Persistence

Scheduled Task

Privilege Escalation

Scheduled Task

Defense Evasion

Web Service

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Web Service

Exfiltration

Impact

Tasks

static1

behavioral1

asyncratmay11thupcoreentityratrezer0

behavioral2

asyncratmay11thuprat

© 2018-2024

Terms | Privacy