asyncrat | 7f7e5dbb3a9a8eaf64415ff8ec0ae985fb8b9d3882693231dc016f263d83f4c0 | Triage

Submit
Reports

Overview

overview

Static

static

UD_PO_000681.exe

windows7_x64

UD_PO_000681.exe

windows10-2004_x64

Sharing

General

Target

7f7e5dbb3a9a8eaf64415ff8ec0ae985fb8b9d3882693231dc016f263d83f4c0
Size

544KB
Sample

220521-pjmdjaafbp
MD5

3754efa33a1c67dea4497a2da1f6ca4a
SHA1

6a2aeb29f952eedc58428990983072266f3e860f
SHA256

7f7e5dbb3a9a8eaf64415ff8ec0ae985fb8b9d3882693231dc016f263d83f4c0
SHA512

b00c1bda2a2c613de403bbef4ee178482fa827d290ab4cdcd1bc50adf3be1654beaa6a448d410ea22f15e5d49bcfaea67a299845d5b0426d6d045ce4822172d6

Score

10^/10

asyncrat cbcc persistence rat

Static task

static1

Behavioral task

behavioral1

Sample

UD_PO_000681.exe

Resource

win7-20220414-en

asyncrat cbcc persistence rat

windows7_x64

0 signatures

0 seconds

Behavioral task

behavioral2

Sample

UD_PO_000681.exe

Resource

win10v2004-20220414-en

asyncrat cbcc persistence rat

windows10-2004_x64

0 signatures

0 seconds

Malware Config

Extracted

Family

asyncrat

Version

0.5.7B

Botnet

cbcc

Mutex

AsyncMutex_6SI8OkPnk

Attributes

delay
3
install
false
install_file
billionaire.exe
install_folder
%AppData%
pastebin_config
https://pastebin.com/raw/8wApsDtD

aes.plain

Targets

- Target
  
  UD_PO_000681.exe
- Size
  
  483KB
- MD5
  
  24a8d8c071bbb496ba8e64e7817fd6c9
- SHA1
  
  f40194270a9475aeb044a062bd7ef9376d8ed857
- SHA256
  
  c890bc2e899bdb9c2a7cbe9ab52b852c5ea6832e44615f2afc66ab47925866d2
- SHA512
  
  c4dcbb0b0fdc7469c6e5abc038867f3c65e179a3692dc884d7713db20c2fdefb4f96d5369210aedf807008cbe3821b05fb2a162c45a603aa0c68d56962d4e9a0
Score

10^/10

asyncrat cbcc persistence rat
- AsyncRat
  AsyncRAT is designed to remotely monitor and control other computers.
  rat asyncrat
- Async RAT payload
  rat
- Executes dropped EXE
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Loads dropped DLL
- Adds Run key to start application
  persistence
- Legitimate hosting services abused for malware hosting/C2
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Modify Registry

Install Root Certificate

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Web Service

Impact

Tasks

static1

behavioral1

asyncratcbccpersistencerat

behavioral2

asyncratcbccpersistencerat

© 2018-2024

Terms | Privacy