asyncrat | d9c6ae4ceb7ede24afeb4c598e3fef327002b6583272a4fa07ba868578d3d62a | Triage

Submit
Reports

Overview

overview

Static

static

177.xlsx

windows7_x64

177.xlsx

windows10-2004_x64

1

Sharing

General

Target

177.xlsx
Size

176KB
Sample

220705-pf2ztaahf5
MD5

5ffe37b62296142c38cd3660a5c15351
SHA1

472afded700a957d3a862cc49c0a7519092d00fb
SHA256

d9c6ae4ceb7ede24afeb4c598e3fef327002b6583272a4fa07ba868578d3d62a
SHA512

85f3b64ebe22cf5fa505c6f0611745146a45c91a20ff22761174d101d02d0851af381491df485f431e639f45ed734ada373043cb76ccda302a6a9289b1a36f97

Score

10^/10

asyncrat default rat suricata

Static task

static1

Behavioral task

behavioral1

Sample

177.xlsx

Resource

win7-20220414-en

asyncrat default rat suricata

windows7_x64

0 signatures

0 seconds

Behavioral task

behavioral2

Sample

177.xlsx

Resource

win10v2004-20220414-en

windows10-2004_x64

0 signatures

0 seconds

Malware Config

Extracted

Family

asyncrat

Version

0.5.7B

Botnet

Default

C2

37.0.14.204:2022

37.0.14.204:2019

37.0.14.204:5631

Mutex

AsyncMutex_6SI8OkPnk

Attributes

delay
3
install
false
install_folder
%AppData%

aes.plain

Targets

- Target
  
  177.xlsx
- Size
  
  176KB
- MD5
  
  5ffe37b62296142c38cd3660a5c15351
- SHA1
  
  472afded700a957d3a862cc49c0a7519092d00fb
- SHA256
  
  d9c6ae4ceb7ede24afeb4c598e3fef327002b6583272a4fa07ba868578d3d62a
- SHA512
  
  85f3b64ebe22cf5fa505c6f0611745146a45c91a20ff22761174d101d02d0851af381491df485f431e639f45ed734ada373043cb76ccda302a6a9289b1a36f97
Score

10^/10

asyncrat default rat suricata
- AsyncRat
  AsyncRAT is designed to remotely monitor and control other computers.
  rat asyncrat
- suricata: ET MALWARE Generic AsyncRAT Style SSL Cert
  suricata: ET MALWARE Generic AsyncRAT Style SSL Cert
  suricata
- suricata: ET MALWARE MSIL/GenKryptik.FQRH Download Request
  suricata: ET MALWARE MSIL/GenKryptik.FQRH Download Request
  suricata
- suricata: ET MALWARE Observed Malicious SSL Cert (AsyncRAT Server)
  suricata: ET MALWARE Observed Malicious SSL Cert (AsyncRAT Server)
  suricata
- suricata: ET MALWARE Terse alphanumeric executable downloader high likelihood of being hostile
  suricata: ET MALWARE Terse alphanumeric executable downloader high likelihood of being hostile
  suricata
- Async RAT payload
  rat
- Blocklisted process makes network request
- Downloads MZ/PE file
- Executes dropped EXE
- Loads dropped DLL
- Uses the VBS compiler for execution
- Drops file in System32 directory
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Scripting

Exploitation for Client Execution

Persistence

Privilege Escalation

Defense Evasion

Scripting

Modify Registry

Credential Access

Discovery

System Information Discovery

Query Registry

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

asyncratdefaultratsuricata

behavioral2

© 2018-2024

Terms | Privacy