asyncrat | dd184f737fb95e1b427d4c08f52228956611e6196ecdb213e92be324a5ac34ce | Triage

Submit
Reports

Overview

overview

Static

static

SAFETY-PPE...7Z.exe

windows7_x64

SAFETY-PPE...7Z.exe

windows10-2004_x64

Sharing

General

Target

dd184f737fb95e1b427d4c08f52228956611e6196ecdb213e92be324a5ac34ce
Size

183KB
Sample

220521-cfp9ssdgg3
MD5

43811b5bc076765c6e7770c5516116b1
SHA1

f740e62b21c7a062e77c170e9091f49d5ed9c93a
SHA256

dd184f737fb95e1b427d4c08f52228956611e6196ecdb213e92be324a5ac34ce
SHA512

6e6da17d9c56b43df22d530607e4a35e1f6520d104753ab09d93f516d30590f493d1587ae5f0b92f3bb459b2bc19bfb1006271436b61377ceba897588a488d05

Score

10^/10

asyncrat sunday coreentity rat rezer0

Static task

static1

Behavioral task

behavioral1

Sample

SAFETY-PPE-MASK-EQUIPMENT-JOGGRIx8Qfs0orFnQO7Z.exe

Resource

win7-20220414-en

asyncrat sunday coreentity rat rezer0

windows7_x64

0 signatures

0 seconds

Behavioral task

behavioral2

Sample

SAFETY-PPE-MASK-EQUIPMENT-JOGGRIx8Qfs0orFnQO7Z.exe

Resource

win10v2004-20220414-en

asyncrat sunday rat

windows10-2004_x64

0 signatures

0 seconds

Malware Config

Extracted

Family

asyncrat

Version

0.5.6D

Botnet

sunday

C2

185.165.153.215:6606

Mutex

uqeolevmck

Attributes

delay
1
install
false
install_folder
%AppData%

aes.plain

Targets

- Target
  
  SAFETY-PPE-MASK-EQUIPMENT-JOGGRIx8Qfs0orFnQO7Z.exe
- Size
  
  353KB
- MD5
  
  db9de1e61bf8f5138d797d4bf360faaf
- SHA1
  
  794e45022a9c8e0b5292a86f5e7d3a721d40bf51
- SHA256
  
  243f707f1d8eabf197f836f4e87426bf3f2619ab74a089e15ed8182e74752dcd
- SHA512
  
  c5ec160d17668c9feef2a519a4d1e43270831b24b95b532d43c10e0d411d142135d1417b596b6ec1d095f4e334b9d70aa47e87e2ef3ca5b34fa1c88d80e19dd6
Score

10^/10

asyncrat sunday coreentity rat rezer0
- AsyncRat
  AsyncRAT is designed to remotely monitor and control other computers.
  rat asyncrat
- CoreEntity .NET Packer
  A .NET packer called CoreEntity where it has embedded the payload as a BitMap object which is later decrypted.
  coreentity
- Async RAT payload
  rat
- ReZer0 packer
  Detects ReZer0, a packer with multiple versions used in various campaigns.
  rezer0
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Scheduled Task

Persistence

Scheduled Task

Privilege Escalation

Scheduled Task

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

asyncratsundaycoreentityratrezer0

behavioral2

asyncratsundayrat

© 2018-2024

Terms | Privacy