asyncrat | 05a68e1fdcf49840097ac9879ff8bf190f7a8a7d7dc33d95d849df9af46a6f85 | Triage

Submit
Reports

Overview

overview

Static

static

7

05a68e1fdc...85.exe

windows7_x64

05a68e1fdc...85.exe

windows10-2004_x64

Sharing

General

Target

05a68e1fdcf49840097ac9879ff8bf190f7a8a7d7dc33d95d849df9af46a6f85
Size

2.6MB
Sample

220708-yw2tesfabm
MD5

7a8a6b5e4e5c662860bbd3adb7e22622
SHA1

234fd518fc22dfd428586a4ba58f85f69be7705d
SHA256

05a68e1fdcf49840097ac9879ff8bf190f7a8a7d7dc33d95d849df9af46a6f85
SHA512

f8ec8a900a253beb54bd9328a9ada484678a2bd6a6b3a380222fa88c30a4653d4f899958a801ee270c4bc949d9d6aaa7ee46515c28f91013ba99869586c2d9c6

Score

10^/10

asyncrat evasion rat themida trojan

Static task

static1

Behavioral task

behavioral1

Sample

05a68e1fdcf49840097ac9879ff8bf190f7a8a7d7dc33d95d849df9af46a6f85.exe

Resource

win7-20220414-en

asyncrat evasion rat themida trojan

windows7_x64

0 signatures

0 seconds

Behavioral task

behavioral2

Sample

05a68e1fdcf49840097ac9879ff8bf190f7a8a7d7dc33d95d849df9af46a6f85.exe

Resource

win10v2004-20220414-en

asyncrat evasion rat themida trojan

windows10-2004_x64

0 signatures

0 seconds

Malware Config

Extracted

Family

asyncrat

Version

0.5.6A

C2

185.70.187.145:5555

Mutex

pehagymxwo

Attributes

delay
5
install
true
install_file
gremor.exe
install_folder
%AppData%

aes.plain

Targets

- Target
  
  05a68e1fdcf49840097ac9879ff8bf190f7a8a7d7dc33d95d849df9af46a6f85
- Size
  
  2.6MB
- MD5
  
  7a8a6b5e4e5c662860bbd3adb7e22622
- SHA1
  
  234fd518fc22dfd428586a4ba58f85f69be7705d
- SHA256
  
  05a68e1fdcf49840097ac9879ff8bf190f7a8a7d7dc33d95d849df9af46a6f85
- SHA512
  
  f8ec8a900a253beb54bd9328a9ada484678a2bd6a6b3a380222fa88c30a4653d4f899958a801ee270c4bc949d9d6aaa7ee46515c28f91013ba99869586c2d9c6
Score

10^/10

asyncrat evasion rat themida trojan
- AsyncRat
  AsyncRAT is designed to remotely monitor and control other computers.
  rat asyncrat
- Async RAT payload
  rat
- Identifies VirtualBox via ACPI registry values (likely anti-VM)
  evasion
- Checks BIOS information in registry
  BIOS information is often read in order to detect sandboxing environments.
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Themida packer
  Detects Themida, an advanced Windows software protection system.
  themida
- Checks whether UAC is enabled
  evasion trojan
- Suspicious use of NtSetInformationThreadHideFromDebugger
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Scheduled Task

Persistence

Scheduled Task

Privilege Escalation

Scheduled Task

Defense Evasion

Virtualization/Sandbox Evasion

Credential Access

Discovery

Query Registry

Virtualization/Sandbox Evasion

System Information Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

asyncratevasionratthemidatrojan

behavioral2

asyncratevasionratthemidatrojan

© 2018-2024

Terms | Privacy