asyncrat | 161173e2ec7c7e3f3e0adae6e5958a849e42f7588d27e641da9865256a0a4b83 | Triage

Submit
Reports

Overview

overview

Static

static

161173e2ec...83.exe

windows7_x64

161173e2ec...83.exe

windows10-2004_x64

Sharing

General

Target

161173e2ec7c7e3f3e0adae6e5958a849e42f7588d27e641da9865256a0a4b83
Size

2.1MB
Sample

220628-rk5ydabff3
MD5

55f1a187f2dd21001affdae1ed5267ca
SHA1

bbe87d68e6503f3fd7a908ce40206ba929ce06df
SHA256

161173e2ec7c7e3f3e0adae6e5958a849e42f7588d27e641da9865256a0a4b83
SHA512

574a3aae17fd809db483a2586957df2b284ee691cfe45bd3b0c494e879d2b9280b70b0e61527d9f0031c645b18308b2c657759a7aa990198ae1ce6441f8885a0

Score

10^/10

asyncrat njrat hacked evasion rat trojan

Static task

static1

Behavioral task

behavioral1

Sample

161173e2ec7c7e3f3e0adae6e5958a849e42f7588d27e641da9865256a0a4b83.exe

Resource

win7-20220414-en

windows7_x64

0 signatures

0 seconds

Behavioral task

behavioral2

Sample

161173e2ec7c7e3f3e0adae6e5958a849e42f7588d27e641da9865256a0a4b83.exe

Resource

win10v2004-20220414-en

asyncrat njrat hacked evasion rat trojan

windows10-2004_x64

0 signatures

0 seconds

Malware Config

Extracted

Family

njrat

Version

im523

Botnet

HacKed

C2

httpss.ddns.net:1555

Mutex

5ff1382bbd98dd9fcc9977e69f6e285f

Attributes

reg_key
5ff1382bbd98dd9fcc9977e69f6e285f
splitter
|'|'|

Targets

- Target
  
  161173e2ec7c7e3f3e0adae6e5958a849e42f7588d27e641da9865256a0a4b83
- Size
  
  2.1MB
- MD5
  
  55f1a187f2dd21001affdae1ed5267ca
- SHA1
  
  bbe87d68e6503f3fd7a908ce40206ba929ce06df
- SHA256
  
  161173e2ec7c7e3f3e0adae6e5958a849e42f7588d27e641da9865256a0a4b83
- SHA512
  
  574a3aae17fd809db483a2586957df2b284ee691cfe45bd3b0c494e879d2b9280b70b0e61527d9f0031c645b18308b2c657759a7aa990198ae1ce6441f8885a0
Score

10^/10

asyncrat rat njrat hacked evasion trojan
- AsyncRat
  AsyncRAT is designed to remotely monitor and control other computers.
  rat asyncrat
- njRAT/Bladabindi
  Widely used RAT written in .NET.
  trojan njrat
- Async RAT payload
  rat
- Executes dropped EXE
- Modifies Windows Firewall
  evasion
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Loads dropped DLL
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Scheduled Task

Persistence

Modify Existing Service

Scheduled Task

Privilege Escalation

Scheduled Task

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2

asyncratnjrathackedevasionrattrojan

© 2018-2024

Terms | Privacy