asyncrat | 5cdbdd323154f2b9d326ba16c9ca37d6d3178ef625b72e7180e9789da5e67063 | Triage

Submit
Reports

Overview

overview

Static

static

disposable...sk.exe

windows7_x64

disposable...sk.exe

windows10-2004_x64

Sharing

General

Target

5cdbdd323154f2b9d326ba16c9ca37d6d3178ef625b72e7180e9789da5e67063
Size

301KB
Sample

220521-pk9v8afed6
MD5

8b88eddfa0914fe67dea3f5712fd4f51
SHA1

aeecc24b6872b4b9f3cc464c9b4be3bdc99eeb8a
SHA256

5cdbdd323154f2b9d326ba16c9ca37d6d3178ef625b72e7180e9789da5e67063
SHA512

f9e71dbbd09207a55b395dd013c9fccc40c12ed214615066d5380682add11893153ba342d029172be003c6fedb9347177b9a8386341519fb688c1b680a724de4

Score

10^/10

asyncrat hardhard coreentity rat rezer0

Static task

static1

Behavioral task

behavioral1

Sample

disposable protective mask.exe

Resource

win7-20220414-en

asyncrat hardhard coreentity rat rezer0

windows7_x64

0 signatures

0 seconds

Behavioral task

behavioral2

Sample

disposable protective mask.exe

Resource

win10v2004-20220414-en

asyncrat hardhard rat

windows10-2004_x64

0 signatures

0 seconds

Malware Config

Extracted

Family

asyncrat

Version

0.5.6D

Botnet

HARDHARD

C2

185.165.153.215:6606

Mutex

uqeolevmck

Attributes

delay
1
install
false
install_folder
%AppData%

aes.plain

Targets

- Target
  
  disposable protective mask.exe
- Size
  
  538KB
- MD5
  
  349decc4593ee1efe629681f446c6d86
- SHA1
  
  c751c97becccf1c4e9f9af7009d97f7e71c13de9
- SHA256
  
  6c961875370f68c10a135e3d0c14ec8164bb92556a8e3482cd80b52f96e4bc52
- SHA512
  
  3c4df88c27c04cbd69070ea122672db265c8307a2a502b35a2887199e2013fa2fa7156b2a323dbceb771732f5415727fe7260f5100db85b2a32dd433cdd8505a
Score

10^/10

asyncrat hardhard coreentity rat rezer0
- AsyncRat
  AsyncRAT is designed to remotely monitor and control other computers.
  rat asyncrat
- CoreEntity .NET Packer
  A .NET packer called CoreEntity where it has embedded the payload as a BitMap object which is later decrypted.
  coreentity
- Async RAT payload
  rat
- ReZer0 packer
  Detects ReZer0, a packer with multiple versions used in various campaigns.
  rezer0
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Scheduled Task

Persistence

Scheduled Task

Privilege Escalation

Scheduled Task

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

asyncrathardhardcoreentityratrezer0

behavioral2

asyncrathardhardrat

© 2018-2024

Terms | Privacy