asyncrat | 8b81793a9208e59123733d44c31e992e32ebdd5d4700d05c14c4982395b44486 | Triage

Submit
Reports

Overview

overview

Static

static

MAJDALANI ...do.exe

windows7_x64

MAJDALANI ...do.exe

windows10-2004_x64

Sharing

General

Target

8b81793a9208e59123733d44c31e992e32ebdd5d4700d05c14c4982395b44486
Size

104KB
Sample

220521-pjbl2aafan
MD5

dedeb7141baef5a9e50639cde06a30c2
SHA1

773abd45701b6988aff29323362384097d5e7a1a
SHA256

8b81793a9208e59123733d44c31e992e32ebdd5d4700d05c14c4982395b44486
SHA512

c399bc9b3a59883ebd8e9f9408a689ae0da24203333a04f31ab3d8c6c89120df26f2f59123068e59a42c61bc743214c05eec23ea5b93053faf0f7c8486915f3f

Score

10^/10

asyncrat god's mercy persistence rat

Static task

static1

Behavioral task

behavioral1

Sample

MAJDALANI INOX SA Pedido.exe

Resource

win7-20220414-en

asyncrat god's mercy persistence rat

windows7_x64

0 signatures

0 seconds

Behavioral task

behavioral2

Sample

MAJDALANI INOX SA Pedido.exe

Resource

win10v2004-20220414-en

asyncrat god's mercy persistence rat

windows10-2004_x64

0 signatures

0 seconds

Malware Config

Extracted

Family

asyncrat

Version

0.5.7B

Botnet

GOD'S MERCY

Mutex

AsyncMutex_6SI8OkPnk

Attributes

delay
3
install
false
install_folder
%AppData%
pastebin_config
https://pastebin.com/raw/reQxa5Ah

aes.plain

Targets

- Target
  
  MAJDALANI INOX SA Pedido.exe
- Size
  
  185KB
- MD5
  
  4abe1482b72bc41218cfa12516674b21
- SHA1
  
  f3f228fe5c3bd9a903cfe891ea46ecfbe69de784
- SHA256
  
  ba1c5f36a287271ae64d7fb5e803ced708a75ac3398448f8c3000cf9f2897f86
- SHA512
  
  256da1cb7be9e593325b23056c9fd10b6c274eb4e5d673186b97a92347b2b36c4c38e324c5e8d489e638b943a114e7f16cbfb7352b44eb6fdfc5cb037a081a2c
Score

10^/10

asyncrat god's mercy persistence rat
- AsyncRat
  AsyncRAT is designed to remotely monitor and control other computers.
  rat asyncrat
- Modifies WinLogon for persistence
  persistence
- Async RAT payload
  rat
- Drops startup file
- Adds Run key to start application
  persistence
- Legitimate hosting services abused for malware hosting/C2
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Winlogon Helper DLL

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Web Service

Impact

Tasks

static1

behavioral1

asyncratgod's mercypersistencerat

behavioral2

asyncratgod's mercypersistencerat

© 2018-2024

Terms | Privacy