asyncrat | 44c06ff9482b8356d33690f94f56cf6ea29e2ff0f167c11a49594d542412f16b | Triage

Submit
Reports

Overview

overview

Static

static

44c06ff948...6b.exe

windows7_x64

44c06ff948...6b.exe

windows10-2004_x64

Sharing

General

Target

44c06ff9482b8356d33690f94f56cf6ea29e2ff0f167c11a49594d542412f16b
Size

1008KB
Sample

220630-xl1myaghaj
MD5

e545f0dcbd848ce0e1594b9efe51b572
SHA1

7518a03d5a85c4a919dfb89a85af5f9e5fdf7713
SHA256

44c06ff9482b8356d33690f94f56cf6ea29e2ff0f167c11a49594d542412f16b
SHA512

8cd58be448e211723a13027ff6fea7a1b28cc7b603627c973022277c36642639aaf3e8b0d865a292b09b6c071375d580e94ccaa29b8f545aca22e0a3568ee333

Score

10^/10

asyncrat evasion rat trojan

Static task

static1

Behavioral task

behavioral1

Sample

44c06ff9482b8356d33690f94f56cf6ea29e2ff0f167c11a49594d542412f16b.exe

Resource

win7-20220414-en

asyncrat evasion rat trojan

windows7_x64

0 signatures

0 seconds

Behavioral task

behavioral2

Sample

44c06ff9482b8356d33690f94f56cf6ea29e2ff0f167c11a49594d542412f16b.exe

Resource

win10v2004-20220414-en

asyncrat evasion rat trojan

windows10-2004_x64

0 signatures

0 seconds

Malware Config

Targets

- Target
  
  44c06ff9482b8356d33690f94f56cf6ea29e2ff0f167c11a49594d542412f16b
- Size
  
  1008KB
- MD5
  
  e545f0dcbd848ce0e1594b9efe51b572
- SHA1
  
  7518a03d5a85c4a919dfb89a85af5f9e5fdf7713
- SHA256
  
  44c06ff9482b8356d33690f94f56cf6ea29e2ff0f167c11a49594d542412f16b
- SHA512
  
  8cd58be448e211723a13027ff6fea7a1b28cc7b603627c973022277c36642639aaf3e8b0d865a292b09b6c071375d580e94ccaa29b8f545aca22e0a3568ee333
Score

10^/10

asyncrat evasion rat trojan
- AsyncRat
  AsyncRAT is designed to remotely monitor and control other computers.
  rat asyncrat
- Modifies Windows Defender Real-time Protection settings
  evasion trojan
- Windows security bypass
  evasion trojan
- Async RAT payload
  rat
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Windows security modification
  evasion trojan
- Legitimate hosting services abused for malware hosting/C2
- Suspicious use of NtSetInformationThreadHideFromDebugger
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Modify Existing Service

Privilege Escalation

Defense Evasion

Modify Registry

Disabling Security Tools

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Web Service

Impact

Tasks

static1

behavioral1

asyncratevasionrattrojan

behavioral2

asyncratevasionrattrojan

© 2018-2024

Terms | Privacy