asyncrat | 899add4d120b60a2dad900062baabfc70d6cbb616d9f4a784e850197f580fa84 | Triage

Submit
Reports

Overview

overview

Static

static

899add4d12...84.exe

windows7_x64

899add4d12...84.exe

windows10-2004_x64

Sharing

General

Target

899add4d120b60a2dad900062baabfc70d6cbb616d9f4a784e850197f580fa84
Size

385KB
Sample

220523-zk5avabagn
MD5

2a51a997488380da1de20ea4d0050be9
SHA1

27e0c00423195325b5f38cc7060bc4060b520969
SHA256

899add4d120b60a2dad900062baabfc70d6cbb616d9f4a784e850197f580fa84
SHA512

64cbb33704c4be470be12087a1bd76d4fa32d1b5814afa6afa1429ab574ed2cae7bcf5743cad1668be584271281028b81ca2a1f408555bf2ce5977a8d82d2086

Score

10^/10

asyncrat 5 coreentity rat rezer0 suricata

Static task

static1

Behavioral task

behavioral1

Sample

899add4d120b60a2dad900062baabfc70d6cbb616d9f4a784e850197f580fa84.exe

Resource

win7-20220414-en

asyncrat 5 coreentity rat rezer0

windows7_x64

0 signatures

0 seconds

Behavioral task

behavioral2

Sample

899add4d120b60a2dad900062baabfc70d6cbb616d9f4a784e850197f580fa84.exe

Resource

win10v2004-20220414-en

asyncrat 5 rat suricata

windows10-2004_x64

0 signatures

0 seconds

Malware Config

Extracted

Family

asyncrat

Version

0.5.6B

Botnet

5

C2

moveforme.ug:6970

xafsavxcfdgbdsfg.ru:6970

Mutex

tralala

Attributes

delay
0
install
false
install_file
dllhost.exe
install_folder
%AppData%

aes.plain

Targets

- Target
  
  899add4d120b60a2dad900062baabfc70d6cbb616d9f4a784e850197f580fa84
- Size
  
  385KB
- MD5
  
  2a51a997488380da1de20ea4d0050be9
- SHA1
  
  27e0c00423195325b5f38cc7060bc4060b520969
- SHA256
  
  899add4d120b60a2dad900062baabfc70d6cbb616d9f4a784e850197f580fa84
- SHA512
  
  64cbb33704c4be470be12087a1bd76d4fa32d1b5814afa6afa1429ab574ed2cae7bcf5743cad1668be584271281028b81ca2a1f408555bf2ce5977a8d82d2086
Score

10^/10

asyncrat 5 coreentity rat rezer0 suricata
- AsyncRat
  AsyncRAT is designed to remotely monitor and control other computers.
  rat asyncrat
- CoreEntity .NET Packer
  A .NET packer called CoreEntity where it has embedded the payload as a BitMap object which is later decrypted.
  coreentity
- suricata: ET MALWARE Possible Zeus GameOver/FluBot Related DGA NXDOMAIN Responses
  suricata: ET MALWARE Possible Zeus GameOver/FluBot Related DGA NXDOMAIN Responses
  suricata
- Async RAT payload
  rat
- ReZer0 packer
  Detects ReZer0, a packer with multiple versions used in various campaigns.
  rezer0
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Scheduled Task

Persistence

Scheduled Task

Privilege Escalation

Scheduled Task

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

asyncrat5coreentityratrezer0

behavioral2

asyncrat5ratsuricata

© 2018-2024

Terms | Privacy