asyncrat | 74a3205e3a8f881af4b7b48d71854b2484eb9d3ea631e24b45c2c36278c187b8 | Triage

Submit
Reports

Overview

overview

Static

static

Doc#662020...df.exe

windows7_x64

Doc#662020...df.exe

windows10-2004_x64

Sharing

General

Target

74a3205e3a8f881af4b7b48d71854b2484eb9d3ea631e24b45c2c36278c187b8
Size

207KB
Sample

220521-xjtfvabhb9
MD5

55b4d3a324972f2aca755a6d6c181212
SHA1

213045b32c0817eb6a6f91635dc632bb25c0d048
SHA256

74a3205e3a8f881af4b7b48d71854b2484eb9d3ea631e24b45c2c36278c187b8
SHA512

195e86fa179d304ff6a7e0c380b6b893264c8b64e309f896e5900958278fd16ad75d3d1519c646d77225b2dd8ee0148e4e30c4cf8fc576591e0d09662efa9f09

Score

10^/10

asyncrat together rat

Static task

static1

Behavioral task

behavioral1

Sample

Doc#66202009475352576530141.pdf.exe

Resource

win7-20220414-en

asyncrat together rat

windows7_x64

0 signatures

0 seconds

Behavioral task

behavioral2

Sample

Doc#66202009475352576530141.pdf.exe

Resource

win10v2004-20220414-en

asyncrat together rat

windows10-2004_x64

0 signatures

0 seconds

Malware Config

Extracted

Family

asyncrat

Version

0.5.7B

Botnet

TOGETHER

Mutex

chizzy25@/@!7^UPCAZ

Attributes

delay
3
install
false
install_folder
%AppData%
pastebin_config
https://pastebin.com/raw/HKYwiN9V

aes.plain

Targets

- Target
  
  Doc#66202009475352576530141.pdf.exe
- Size
  
  414KB
- MD5
  
  b54eea6b86a4ea7a743e1db549ea54f9
- SHA1
  
  2291b8a0e39ca979d0373f98fd2ba8e86105da65
- SHA256
  
  9ff9a09c4e1ff0b737d630660b25335cded1fbe365628b5d6e59211e7d8ff53c
- SHA512
  
  d5a477a98e5d8939fbcd97d05585fcc6a8f6f8d5e9eb95bf1d220d2ff7fb89d34c8aa83b2708d54ce1b861feab79b39d7ad6ce25557a4e5c50df5173cac33e64
Score

10^/10

asyncrat together rat
- AsyncRat
  AsyncRAT is designed to remotely monitor and control other computers.
  rat asyncrat
- Async RAT payload
  rat
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Legitimate hosting services abused for malware hosting/C2
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Scheduled Task

Persistence

Scheduled Task

Privilege Escalation

Scheduled Task

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Web Service

Impact

Tasks

static1

behavioral1

asyncrattogetherrat

behavioral2

asyncrattogetherrat

© 2018-2024

Terms | Privacy