asyncrat | 561d4930d5ff9d53ffbee68d2554f89ed3b32968ee29b2520ce1f60c5a0d4ff2 | Triage

Submit
Reports

Overview

overview

Static

static

561d4930d5...f2.exe

windows7_x64

561d4930d5...f2.exe

windows10-2004_x64

Sharing

General

Target

561d4930d5ff9d53ffbee68d2554f89ed3b32968ee29b2520ce1f60c5a0d4ff2
Size

45KB
Sample

220521-pmlamsagek
MD5

708b15fe967de91ec55bfc6fdd54433b
SHA1

7ce54db6b7a46e78a1fa78b9588c78e1ca2bc904
SHA256

561d4930d5ff9d53ffbee68d2554f89ed3b32968ee29b2520ce1f60c5a0d4ff2
SHA512

e84b7003094dc40eb025fe44175571d3665dc00d844c574db97f48aceb8cfd2af5bedaf58ffb66d97e694fb6bf5b9e15d07221a115e113f2e467dd3bfd043c2f

Score

10^/10

asyncrat default rat

Static task

static1

rat default asyncrat

Behavioral task

behavioral1

Sample

561d4930d5ff9d53ffbee68d2554f89ed3b32968ee29b2520ce1f60c5a0d4ff2.exe

Resource

win7-20220414-en

asyncrat default rat

windows7_x64

0 signatures

0 seconds

Behavioral task

behavioral2

Sample

561d4930d5ff9d53ffbee68d2554f89ed3b32968ee29b2520ce1f60c5a0d4ff2.exe

Resource

win10v2004-20220414-en

asyncrat default rat

windows10-2004_x64

0 signatures

0 seconds

Malware Config

Extracted

Family

asyncrat

Version

0.5.7B

Botnet

Default

C2

127.0.0.1:6606

127.0.0.1:7707

127.0.0.1:8808

127.0.0.1:8574

lowkeyjust.ddns.net:6606

lowkeyjust.ddns.net:7707

lowkeyjust.ddns.net:8808

lowkeyjust.ddns.net:8574

Mutex

AsyncMutex_6SI8OkPnk

Attributes

delay
12
install
true
install_file
SteamStartupService.exe
install_folder
%AppData%

aes.plain

Targets

- Target
  
  561d4930d5ff9d53ffbee68d2554f89ed3b32968ee29b2520ce1f60c5a0d4ff2
- Size
  
  45KB
- MD5
  
  708b15fe967de91ec55bfc6fdd54433b
- SHA1
  
  7ce54db6b7a46e78a1fa78b9588c78e1ca2bc904
- SHA256
  
  561d4930d5ff9d53ffbee68d2554f89ed3b32968ee29b2520ce1f60c5a0d4ff2
- SHA512
  
  e84b7003094dc40eb025fe44175571d3665dc00d844c574db97f48aceb8cfd2af5bedaf58ffb66d97e694fb6bf5b9e15d07221a115e113f2e467dd3bfd043c2f
Score

10^/10

asyncrat default rat
- AsyncRat
  AsyncRAT is designed to remotely monitor and control other computers.
  rat asyncrat
- Async RAT payload
  rat
- Executes dropped EXE
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Loads dropped DLL
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Scheduled Task

Persistence

Scheduled Task

Privilege Escalation

Scheduled Task

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

ratdefaultasyncrat

behavioral1

asyncratdefaultrat

behavioral2

asyncratdefaultrat

© 2018-2024

Terms | Privacy