asyncrat | c38fc24d76e652212ccf1e79d8f1435efe676596d8bd99b4224bca5449b6a62f | Triage

Submit
Reports

Overview

overview

Static

static

1092-58-0x...ry.exe

windows7_x64

1092-58-0x...ry.exe

windows10-2004_x64

Sharing

General

Target

1092-58-0x00000000004B0000-0x00000000004C2000-memory.dmp
Size

72KB
Sample

220630-kq3a4sheam
MD5

120076dce139888eedd986751a363b06
SHA1

c9eac0bb6dd3865603818f50b30f028ce4f93ff4
SHA256

c38fc24d76e652212ccf1e79d8f1435efe676596d8bd99b4224bca5449b6a62f
SHA512

4cbf19cd348b93560289f102f359fc88d99042e552602fa14d83cdd7fafb9b55910ce75d11fd9f8921fa2697e1efcb77c90e5f33ff062eda794aa4921ef976d5

Score

10^/10

asyncrat default rat suricata

Static task

static1

rat default asyncrat

Behavioral task

behavioral1

Sample

1092-58-0x00000000004B0000-0x00000000004C2000-memory.exe

Resource

win7-20220414-en

asyncrat default rat suricata

windows7_x64

0 signatures

0 seconds

Behavioral task

behavioral2

Sample

1092-58-0x00000000004B0000-0x00000000004C2000-memory.exe

Resource

win10v2004-20220414-en

asyncrat default rat suricata

windows10-2004_x64

0 signatures

0 seconds

Malware Config

Extracted

Family

asyncrat

Version

1.0.7

Botnet

Default

C2

62.197.136.195:3333

Mutex

DcRatMutex_qwqdanchun

Attributes

delay
1
install
true
install_file
testversion.exe
install_folder
%Temp%

aes.plain

Targets

- Target
  
  1092-58-0x00000000004B0000-0x00000000004C2000-memory.dmp
- Size
  
  72KB
- MD5
  
  120076dce139888eedd986751a363b06
- SHA1
  
  c9eac0bb6dd3865603818f50b30f028ce4f93ff4
- SHA256
  
  c38fc24d76e652212ccf1e79d8f1435efe676596d8bd99b4224bca5449b6a62f
- SHA512
  
  4cbf19cd348b93560289f102f359fc88d99042e552602fa14d83cdd7fafb9b55910ce75d11fd9f8921fa2697e1efcb77c90e5f33ff062eda794aa4921ef976d5
Score

10^/10

asyncrat default rat suricata
- AsyncRat
  AsyncRAT is designed to remotely monitor and control other computers.
  rat asyncrat
- suricata: ET MALWARE Observed Malicious SSL Cert (AsyncRAT)
  suricata: ET MALWARE Observed Malicious SSL Cert (AsyncRAT)
  suricata
- Async RAT payload
  rat
- Executes dropped EXE
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Scheduled Task

Persistence

Scheduled Task

Privilege Escalation

Scheduled Task

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

ratdefaultasyncrat

behavioral1

asyncratdefaultratsuricata

behavioral2

asyncratdefaultratsuricata

© 2018-2024

Terms | Privacy