asyncrat | a4a60422374845bf0abd892dd48d352978d697c883196392e0d692f70f0e85c1 | Triage

Submit
Reports

Overview

overview

Static

static

A4A6042237...96.exe

windows7_x64

A4A6042237...96.exe

windows10-2004_x64

Sharing

General

Target

A4A60422374845BF0ABD892DD48D352978D697C883196.exe
Size

701KB
Sample

220701-2f5f6achf9
MD5

1bd98c5b4581aeff9b65ce5653f49cdf
SHA1

3091d81da54ed79391b456e8e94e6b939be2a316
SHA256

a4a60422374845bf0abd892dd48d352978d697c883196392e0d692f70f0e85c1
SHA512

f1462a6d7cfc813cd2ba05d6ccac9656b76ef4ea7418992d1b3b1acdbd779d7b2ab016322f30264c123fea92114a481c1400dc965964731c86974b98922486cc

Score

10^/10

asyncrat default rat suricata

Static task

static1

Behavioral task

behavioral1

Sample

A4A60422374845BF0ABD892DD48D352978D697C883196.exe

Resource

win7-20220414-en

asyncrat default rat suricata

windows7_x64

0 signatures

0 seconds

Behavioral task

behavioral2

Sample

A4A60422374845BF0ABD892DD48D352978D697C883196.exe

Resource

win10v2004-20220414-en

windows10-2004_x64

0 signatures

0 seconds

Malware Config

Extracted

Family

asyncrat

Version

0.5.6D

Botnet

Default

C2

milla.publicvm.com:6606

milla.publicvm.com:7707

milla.publicvm.com:8808

Mutex

ncwfisdaribhhybik

Attributes

delay
10
install
true
install_file
syastem.exe
install_folder
%AppData%

aes.plain

Targets

- Target
  
  A4A60422374845BF0ABD892DD48D352978D697C883196.exe
- Size
  
  701KB
- MD5
  
  1bd98c5b4581aeff9b65ce5653f49cdf
- SHA1
  
  3091d81da54ed79391b456e8e94e6b939be2a316
- SHA256
  
  a4a60422374845bf0abd892dd48d352978d697c883196392e0d692f70f0e85c1
- SHA512
  
  f1462a6d7cfc813cd2ba05d6ccac9656b76ef4ea7418992d1b3b1acdbd779d7b2ab016322f30264c123fea92114a481c1400dc965964731c86974b98922486cc
Score

10^/10

asyncrat default rat suricata
- AsyncRat
  AsyncRAT is designed to remotely monitor and control other computers.
  rat asyncrat
- suricata: ET MALWARE Generic AsyncRAT Style SSL Cert
  suricata: ET MALWARE Generic AsyncRAT Style SSL Cert
  suricata
- suricata: ET MALWARE Observed Malicious SSL Cert (AsyncRAT Server)
  suricata: ET MALWARE Observed Malicious SSL Cert (AsyncRAT Server)
  suricata
- Async RAT payload
  rat
- Executes dropped EXE
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Loads dropped DLL
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Scheduled Task

Persistence

Scheduled Task

Privilege Escalation

Scheduled Task

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

asyncratdefaultratsuricata

behavioral2

© 2018-2024

Terms | Privacy