asyncrat | d021841d4a25bbe872ac7f71427e5731e441a9f6150f6ebb208c664d6ba48acd | Triage

Submit
Reports

Overview

overview

Static

static

Transferen...ar.jar

windows7_x64

Transferen...ar.jar

windows10-2004_x64

Sharing

General

Target

Transferencias Copiar.jar
Size

287KB
Sample

220701-lvgqmseab7
MD5

513cc3544b4a0523218326b30e99b46b
SHA1

0927ad5ab4a30014fe0125793729ca9f8a74d95a
SHA256

d021841d4a25bbe872ac7f71427e5731e441a9f6150f6ebb208c664d6ba48acd
SHA512

fe435151e2d374858426777b95c18fb5590ab745815a43e58ad6ae4d6c19610895750d6cebcfc7341cedf6b3ed78c46db06b8d2b74ba889618a54222326a7ecf

Score

10^/10

asyncrat strrat default persistence rat stealer trojan

Static task

static1

Behavioral task

behavioral1

Sample

Transferencias Copiar.jar

Resource

win7-20220414-en

asyncrat strrat default persistence rat stealer trojan

windows7_x64

0 signatures

0 seconds

Behavioral task

behavioral2

Sample

Transferencias Copiar.jar

Resource

win10v2004-20220414-en

asyncrat strrat default persistence rat stealer trojan

windows10-2004_x64

0 signatures

0 seconds

Malware Config

Extracted

Family

asyncrat

Version

0.5.7B

Botnet

Default

C2

franmhort.duia.ro:8153

Mutex

Mutex_6SI8OkPnk

Attributes

delay
3
install
true
install_file
win.exe
install_folder
%AppData%

aes.plain

Targets

- Target
  
  Transferencias Copiar.jar
- Size
  
  287KB
- MD5
  
  513cc3544b4a0523218326b30e99b46b
- SHA1
  
  0927ad5ab4a30014fe0125793729ca9f8a74d95a
- SHA256
  
  d021841d4a25bbe872ac7f71427e5731e441a9f6150f6ebb208c664d6ba48acd
- SHA512
  
  fe435151e2d374858426777b95c18fb5590ab745815a43e58ad6ae4d6c19610895750d6cebcfc7341cedf6b3ed78c46db06b8d2b74ba889618a54222326a7ecf
Score

10^/10

asyncrat strrat default persistence rat stealer trojan
- AsyncRat
  AsyncRAT is designed to remotely monitor and control other computers.
  rat asyncrat
- STRRAT
  STRRAT is a remote access tool than can steal credentials and log keystrokes.
  trojan stealer strrat
- Async RAT payload
  rat
- Executes dropped EXE
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Drops startup file
- Loads dropped DLL
- Adds Run key to start application
  persistence
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Scheduled Task

Persistence

Registry Run Keys / Startup Folder

Scheduled Task

Privilege Escalation

Scheduled Task

Defense Evasion

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

asyncratstrratdefaultpersistenceratstealertrojan

behavioral2

asyncratstrratdefaultpersistenceratstealertrojan

© 2018-2024

Terms | Privacy