asyncrat | 9e67211ceec280aedb01a69a61241af34c484be69c160313408309c56a59214a | Triage

Submit
Reports

Overview

overview

Static

static

New Purcha...er.exe

windows7_x64

New Purcha...er.exe

windows10-2004_x64

Sharing

General

Target

9e67211ceec280aedb01a69a61241af34c484be69c160313408309c56a59214a
Size

173KB
Sample

220521-xkyrysfcbj
MD5

8638c62d1217deb422a24e9e952bba02
SHA1

cfc6ae58463e03da00c7d4c8fdeae33418381b16
SHA256

9e67211ceec280aedb01a69a61241af34c484be69c160313408309c56a59214a
SHA512

2787d3d26c0dbb15e5d8897b8c146d798caf30c0c15ca949fc218a4dd765571d80d1d7c4e2e3b25d664532d642ac262dca3d9817544e3207dabc582a626c9cb2

Score

10^/10

asyncrat default rat

Static task

static1

Behavioral task

behavioral1

Sample

New Purchase Order.exe

Resource

win7-20220414-en

asyncrat default rat

windows7_x64

0 signatures

0 seconds

Behavioral task

behavioral2

Sample

New Purchase Order.exe

Resource

win10v2004-20220414-en

asyncrat default rat

windows10-2004_x64

0 signatures

0 seconds

Malware Config

Extracted

Family

asyncrat

Version

0.5.7B

Botnet

Default

C2

freshg.ddns.net:2256

Mutex

AsyncMutex_6SI8OkPnk

Attributes

delay
3
install
true
install_file
logs.exe
install_folder
%AppData%

aes.plain

Targets

- Target
  
  New Purchase Order.exe
- Size
  
  287KB
- MD5
  
  072c089d4dbca02a4ae028d984f4cc03
- SHA1
  
  3bd3b2dd8b8876c64bf528ee503c5ff2a893f897
- SHA256
  
  4c66ebb40e5abd92b6a6985e8409116c5424ebb9af0c320cbafb031698e5022c
- SHA512
  
  3f2988a4f256e1b4cb07af531798d7d3bd445f27a81aecf15f200cc8aa1c2fdaff591e9865965468d651a7d578808550dfba95d959d74eb7a1abd3c667af67ac
Score

10^/10

asyncrat default rat
- AsyncRat
  AsyncRAT is designed to remotely monitor and control other computers.
  rat asyncrat
- Async RAT payload
  rat
- Executes dropped EXE
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Loads dropped DLL
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Scheduled Task

Persistence

Scheduled Task

Privilege Escalation

Scheduled Task

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

asyncratdefaultrat

behavioral2

asyncratdefaultrat

© 2018-2024

Terms | Privacy