asyncrat | af51aadc7d93eea0355ed2605959052333a0e124753ff5df78d16bcbf5031fbe | Triage

Submit
Reports

Overview

overview

Static

static

ScanCopy37...cr.exe

windows7-x64

ScanCopy37...cr.exe

windows10-2004-x64

Sharing

General

Target

ScanCopy378493rh1.scr.exe
Size

1.0MB
Sample

220909-p872jacacr
MD5

c5da839b1c6505b50f9d18588bc29dcc
SHA1

808bcb8114f6188448b06ef581965e6ee09d4562
SHA256

af51aadc7d93eea0355ed2605959052333a0e124753ff5df78d16bcbf5031fbe
SHA512

03cc401161ae408e0b585aee60db9caec298a9f69cd5b1323417dc49771cceb7df3711886542ca7add6ff62091c83b0ae127c26ea2f4112ca6f84edff4e7952d
SSDEEP

12288:7SDJuxq0TA5FCxv2eP0Kla6EMAXmnSBY5eUk4MVYolDfyWEYjms8hV:7S9RK4i0p9r2iYDcmy3qs8hV

Score

10^/10

asyncrat ijefunds rat

Static task

static1

Behavioral task

behavioral1

Sample

ScanCopy378493rh1.scr.exe

Resource

win7-20220812-en

asyncrat ijefunds rat

windows7-x64

8 signatures

150 seconds

Behavioral task

behavioral2

Sample

ScanCopy378493rh1.scr.exe

Resource

win10v2004-20220812-en

asyncrat ijefunds rat

windows10-2004-x64

9 signatures

150 seconds

Malware Config

Extracted

Family

asyncrat

Version

0.5.7A

Botnet

Ijefunds

C2

79.134.225.20:8808

Mutex

mmkawdairhcehilxluo

Attributes

delay
1
install
false
install_folder
%AppData%

aes.plain

Targets

- Target
  
  ScanCopy378493rh1.scr.exe
- Size
  
  1.0MB
- MD5
  
  c5da839b1c6505b50f9d18588bc29dcc
- SHA1
  
  808bcb8114f6188448b06ef581965e6ee09d4562
- SHA256
  
  af51aadc7d93eea0355ed2605959052333a0e124753ff5df78d16bcbf5031fbe
- SHA512
  
  03cc401161ae408e0b585aee60db9caec298a9f69cd5b1323417dc49771cceb7df3711886542ca7add6ff62091c83b0ae127c26ea2f4112ca6f84edff4e7952d
- SSDEEP
  
  12288:7SDJuxq0TA5FCxv2eP0Kla6EMAXmnSBY5eUk4MVYolDfyWEYjms8hV:7S9RK4i0p9r2iYDcmy3qs8hV
Score

10^/10

asyncrat ijefunds rat
- AsyncRat
  AsyncRAT is designed to remotely monitor and control other computers.
  rat asyncrat
- Async RAT payload
  rat
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Scheduled Task

Persistence

Scheduled Task

Privilege Escalation

Scheduled Task

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

asyncratijefundsrat

behavioral2

asyncratijefundsrat

© 2018-2024

Terms | Privacy