asyncrat | 7281f015876b8bdf48205e5e4cfbb492257e127b4fae7462b07e820f2cf02eb1 | Triage

Submit
Reports

Overview

overview

Static

static

#3072022ac...n.xlsx

windows7_x64

#3072022ac...n.xlsx

windows10-2004_x64

1

Sharing

General

Target

#3072022account information.xlsx
Size

177KB
Sample

220704-jgdeysfchm
MD5

53a7e8cab849d4fa5004219919dc5ccf
SHA1

7cfc3a226c2b1d18393bbf90cbc120fbb8a6bbbe
SHA256

7281f015876b8bdf48205e5e4cfbb492257e127b4fae7462b07e820f2cf02eb1
SHA512

70adf8d2eadae2ac3453058a31546fb1f532d0d6fd4b3b093f93d5ebd1a3e80472a86d3118f66c91cc5bcb3d1d572ce06fa4e0895e8e0a9ff68df700bc9d20d5

Score

10^/10

asyncrat default rat suricata

Static task

static1

Behavioral task

behavioral1

Sample

#3072022account information.xlsx

Resource

win7-20220414-en

asyncrat default rat suricata

windows7_x64

0 signatures

0 seconds

Behavioral task

behavioral2

Sample

#3072022account information.xlsx

Resource

win10v2004-20220414-en

windows10-2004_x64

0 signatures

0 seconds

Malware Config

Extracted

Family

asyncrat

Version

0.5.7B

Botnet

Default

C2

vivald21.hopto.org:9954

63.141.237.188:9954

Mutex

AsyncMutex_6SI8OkPnk

Attributes

delay
3
install
false
install_folder
%AppData%

aes.plain

Targets

- Target
  
  #3072022account information.xlsx
- Size
  
  177KB
- MD5
  
  53a7e8cab849d4fa5004219919dc5ccf
- SHA1
  
  7cfc3a226c2b1d18393bbf90cbc120fbb8a6bbbe
- SHA256
  
  7281f015876b8bdf48205e5e4cfbb492257e127b4fae7462b07e820f2cf02eb1
- SHA512
  
  70adf8d2eadae2ac3453058a31546fb1f532d0d6fd4b3b093f93d5ebd1a3e80472a86d3118f66c91cc5bcb3d1d572ce06fa4e0895e8e0a9ff68df700bc9d20d5
Score

10^/10

asyncrat default rat suricata
- AsyncRat
  AsyncRAT is designed to remotely monitor and control other computers.
  rat asyncrat
- suricata: ET MALWARE Generic AsyncRAT Style SSL Cert
  suricata: ET MALWARE Generic AsyncRAT Style SSL Cert
  suricata
- suricata: ET MALWARE Observed Malicious SSL Cert (AsyncRAT Server)
  suricata: ET MALWARE Observed Malicious SSL Cert (AsyncRAT Server)
  suricata
- Async RAT payload
  rat
- Blocklisted process makes network request
- Downloads MZ/PE file
- Executes dropped EXE
- Loads dropped DLL
- Uses the VBS compiler for execution
- Drops file in System32 directory
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Scripting

Scheduled Task

Exploitation for Client Execution

Persistence

Scheduled Task

Privilege Escalation

Scheduled Task

Defense Evasion

Scripting

Modify Registry

Credential Access

Discovery

System Information Discovery

Query Registry

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

asyncratdefaultratsuricata

behavioral2

© 2018-2024

Terms | Privacy