asyncrat | 0107796696a369ff65f7156be554659e8cba137cdf4af78da7daac9362820737 | Triage

Submit
Reports

Overview

overview

Static

static

afcd19bfc8...37.exe

windows7_x64

afcd19bfc8...37.exe

windows10-2004_x64

Sharing

General

Target

afcd19bfc8c7d2e14b896774c2bc4c37.exe
Size

571KB
Sample

220701-w4wk9saean
MD5

afcd19bfc8c7d2e14b896774c2bc4c37
SHA1

e25f7298d5f0f8e241c9c7a5af34e643685ce6bd
SHA256

0107796696a369ff65f7156be554659e8cba137cdf4af78da7daac9362820737
SHA512

cb196072de8942d28535a8afb66223855308933936d774310eeabea822f3ec894112281c9d5477a1b0f31e6bae55bc1b2b4f665120c83bf2494449ea348dc88f

Score

10^/10

asyncrat nigatex persistence rat

Static task

static1

Behavioral task

behavioral1

Sample

afcd19bfc8c7d2e14b896774c2bc4c37.exe

Resource

win7-20220414-en

asyncrat nigatex rat

windows7_x64

0 signatures

0 seconds

Behavioral task

behavioral2

Sample

afcd19bfc8c7d2e14b896774c2bc4c37.exe

Resource

win10v2004-20220414-en

asyncrat nigatex persistence rat

windows10-2004_x64

0 signatures

0 seconds

Malware Config

Extracted

Family

asyncrat

Version

1.0.7

Botnet

Nigatex

C2

nigatex.ml:25565

Mutex

huieqwgehqweqduia

Attributes

delay
1
install
false
install_file
MpCopyAccelerator.exe
install_folder
%AppData%

aes.plain

Targets

- Target
  
  afcd19bfc8c7d2e14b896774c2bc4c37.exe
- Size
  
  571KB
- MD5
  
  afcd19bfc8c7d2e14b896774c2bc4c37
- SHA1
  
  e25f7298d5f0f8e241c9c7a5af34e643685ce6bd
- SHA256
  
  0107796696a369ff65f7156be554659e8cba137cdf4af78da7daac9362820737
- SHA512
  
  cb196072de8942d28535a8afb66223855308933936d774310eeabea822f3ec894112281c9d5477a1b0f31e6bae55bc1b2b4f665120c83bf2494449ea348dc88f
Score

10^/10

asyncrat nigatex rat persistence
- AsyncRat
  AsyncRAT is designed to remotely monitor and control other computers.
  rat asyncrat
- Async RAT payload
  rat
- Executes dropped EXE
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Loads dropped DLL
- Uses the VBS compiler for execution
- Adds Run key to start application
  persistence
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Scripting

Scheduled Task

Persistence

Registry Run Keys / Startup Folder

Scheduled Task

Privilege Escalation

Scheduled Task

Defense Evasion

Scripting

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

asyncratnigatexrat

behavioral2

asyncratnigatexpersistencerat

© 2018-2024

Terms | Privacy