asyncrat | 6ccc49875c2d837f462c4c3bd81f80b3be93f8435e8a22e042b5db025a31a6e3 | Triage

Submit
Reports

Overview

overview

Static

static

0x00080000...59.exe

windows7_x64

0x00080000...59.exe

windows10-2004_x64

Sharing

General

Target

0x0008000000014148-59.dat
Size

45KB
Sample

220629-j1n1sshfd7
MD5

cbdce3b5e2939fe92312004dcb31151f
SHA1

6f11f275c611decd4659f23a4593103f327806a6
SHA256

6ccc49875c2d837f462c4c3bd81f80b3be93f8435e8a22e042b5db025a31a6e3
SHA512

6240f21957016db0607987c81b110e78640d20eeba2dc0274cf6e6741cfd7924ca3b42325405e620f423157c34f355f188dbf60de96421e87f0d53e271fcc2c8

Score

10^/10

asyncrat default rat spyware stealer suricata

Static task

static1

rat default asyncrat

Behavioral task

behavioral1

Sample

0x0008000000014148-59.exe

Resource

win7-20220414-en

asyncrat default rat suricata

windows7_x64

0 signatures

0 seconds

Behavioral task

behavioral2

Sample

0x0008000000014148-59.exe

Resource

win10v2004-20220414-en

asyncrat default rat spyware stealer suricata

windows10-2004_x64

0 signatures

0 seconds

Malware Config

Extracted

Family

asyncrat

Version

0.5.7B

Botnet

Default

C2

franmhort.duia.ro:8153

Mutex

Mutex_6SI8OkPnk

Attributes

delay
3
install
true
install_file
win.exe
install_folder
%AppData%

aes.plain

Targets

- Target
  
  0x0008000000014148-59.dat
- Size
  
  45KB
- MD5
  
  cbdce3b5e2939fe92312004dcb31151f
- SHA1
  
  6f11f275c611decd4659f23a4593103f327806a6
- SHA256
  
  6ccc49875c2d837f462c4c3bd81f80b3be93f8435e8a22e042b5db025a31a6e3
- SHA512
  
  6240f21957016db0607987c81b110e78640d20eeba2dc0274cf6e6741cfd7924ca3b42325405e620f423157c34f355f188dbf60de96421e87f0d53e271fcc2c8
Score

10^/10

asyncrat default rat suricata spyware stealer
- AsyncRat
  AsyncRAT is designed to remotely monitor and control other computers.
  rat asyncrat
- suricata: ET MALWARE Generic AsyncRAT Style SSL Cert
  suricata: ET MALWARE Generic AsyncRAT Style SSL Cert
  suricata
- suricata: ET MALWARE Observed Malicious SSL Cert (AsyncRAT Server)
  suricata: ET MALWARE Observed Malicious SSL Cert (AsyncRAT Server)
  suricata
- Async RAT payload
  rat
- Executes dropped EXE
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Loads dropped DLL
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Scheduled Task

Persistence

Scheduled Task

Privilege Escalation

Scheduled Task

Defense Evasion

Credential Access

Credentials in Files

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Data from Local System

Exfiltration

Command and Control

Impact

Tasks

static1

ratdefaultasyncrat

behavioral1

asyncratdefaultratsuricata

behavioral2

asyncratdefaultratspywarestealersuricata

© 2018-2024

Terms | Privacy