asyncrat | 1b0a551577b66e5829eabfbdd99459b779d713a127812788ab96f90e08340e64 | Triage

Submit
Reports

Overview

overview

Static

static

ea38cfcc02...c1.exe

windows7_x64

ea38cfcc02...c1.exe

windows10-2004_x64

Sharing

General

Target

ea38cfcc0258377c4feedfc30ed0bbc1.exe
Size

180KB
Sample

220630-kk236abee4
MD5

ea38cfcc0258377c4feedfc30ed0bbc1
SHA1

7b3bbfdffbfdaf8209d30f33c545b54abfd2816f
SHA256

1b0a551577b66e5829eabfbdd99459b779d713a127812788ab96f90e08340e64
SHA512

3920ac4956040655c0afac75d4030689ae367f324647c70e43a174938bed8a0ae993b417bb21d96a3ca31f631201b7fbfbbf6b89b37814815f51618d0e3928cc

Score

10^/10

asyncrat default persistence rat suricata

Static task

static1

Behavioral task

behavioral1

Sample

ea38cfcc0258377c4feedfc30ed0bbc1.exe

Resource

win7-20220414-en

asyncrat default persistence rat suricata

windows7_x64

0 signatures

0 seconds

Behavioral task

behavioral2

Sample

ea38cfcc0258377c4feedfc30ed0bbc1.exe

Resource

win10v2004-20220414-en

asyncrat default persistence rat suricata

windows10-2004_x64

0 signatures

0 seconds

Malware Config

Extracted

Family

asyncrat

Version

1.0.7

Botnet

Default

C2

62.197.136.195:3333

Mutex

DcRatMutex_qwqdanchun

Attributes

delay
1
install
true
install_file
testversion.exe
install_folder
%Temp%

aes.plain

Targets

- Target
  
  ea38cfcc0258377c4feedfc30ed0bbc1.exe
- Size
  
  180KB
- MD5
  
  ea38cfcc0258377c4feedfc30ed0bbc1
- SHA1
  
  7b3bbfdffbfdaf8209d30f33c545b54abfd2816f
- SHA256
  
  1b0a551577b66e5829eabfbdd99459b779d713a127812788ab96f90e08340e64
- SHA512
  
  3920ac4956040655c0afac75d4030689ae367f324647c70e43a174938bed8a0ae993b417bb21d96a3ca31f631201b7fbfbbf6b89b37814815f51618d0e3928cc
Score

10^/10

asyncrat default persistence rat suricata
- AsyncRat
  AsyncRAT is designed to remotely monitor and control other computers.
  rat asyncrat
- Modifies WinLogon for persistence
  persistence
- suricata: ET MALWARE Observed Malicious SSL Cert (AsyncRAT)
  suricata: ET MALWARE Observed Malicious SSL Cert (AsyncRAT)
  suricata
- Async RAT payload
  rat
- Executes dropped EXE
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Loads dropped DLL
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Scheduled Task

Persistence

Winlogon Helper DLL

Scheduled Task

Privilege Escalation

Scheduled Task

Defense Evasion

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

asyncratdefaultpersistenceratsuricata

behavioral2

asyncratdefaultpersistenceratsuricata

© 2018-2024

Terms | Privacy