asyncrat | 1b369655f627c3dd2f7cfc06f8cac5c9a91152b1286608fd03f78c26ce62029c | Triage

Submit
Reports

Overview

overview

Static

static

Arrival_no...df.exe

windows7-x64

Arrival_no...df.exe

windows10-2004-x64

Sharing

General

Target

Arrival_notification.pdf.exe
Size

865KB
Sample

220918-2tx91ahdcn
MD5

0ed67c55751379da8cb3af2bf95115e8
SHA1

67e368232c61e6fe72faf60de77789dbad08157e
SHA256

1b369655f627c3dd2f7cfc06f8cac5c9a91152b1286608fd03f78c26ce62029c
SHA512

fdf581884b79ddee84fe3a419f64ba519f82abc13f3a9c1676ccfd819709cc6346ec0f8a2103410d4e02c489eb8f2a014290961b888691b180a52e4745d0e300
SSDEEP

12288:I/eSmRoZ9BgMEWRCb3TV7uikFgdrVlO4ip9FrvNsW75ecwTWKx+1vs4CRpp:+63TlubgITrl59wTWK8vs4Wp

Score

10^/10

asyncrat java rat

Static task

static1

Behavioral task

behavioral1

Sample

Arrival_notification.pdf.exe

Resource

win7-20220901-en

asyncrat java rat

windows7-x64

10 signatures

150 seconds

Behavioral task

behavioral2

Sample

Arrival_notification.pdf.exe

Resource

win10v2004-20220901-en

asyncrat java rat

windows10-2004-x64

11 signatures

150 seconds

Malware Config

Extracted

Family

asyncrat

Version

0.5.7B

Botnet

Java

C2

127.0.0.1:6606

127.0.0.1:7707

127.0.0.1:8808

127.0.0.1:2406

niiarmah.kozow.com:6606

niiarmah.kozow.com:7707

niiarmah.kozow.com:8808

niiarmah.kozow.com:2406

Mutex

Mutex_6SI8OkPnk

Attributes

delay
3
install
false
install_folder
%AppData%

aes.plain

Targets

- Target
  
  Arrival_notification.pdf.exe
- Size
  
  865KB
- MD5
  
  0ed67c55751379da8cb3af2bf95115e8
- SHA1
  
  67e368232c61e6fe72faf60de77789dbad08157e
- SHA256
  
  1b369655f627c3dd2f7cfc06f8cac5c9a91152b1286608fd03f78c26ce62029c
- SHA512
  
  fdf581884b79ddee84fe3a419f64ba519f82abc13f3a9c1676ccfd819709cc6346ec0f8a2103410d4e02c489eb8f2a014290961b888691b180a52e4745d0e300
- SSDEEP
  
  12288:I/eSmRoZ9BgMEWRCb3TV7uikFgdrVlO4ip9FrvNsW75ecwTWKx+1vs4CRpp:+63TlubgITrl59wTWK8vs4Wp
Score

10^/10

asyncrat java rat
- AsyncRat
  AsyncRAT is designed to remotely monitor and control other computers.
  rat asyncrat
- Async RAT payload
  rat
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Scheduled Task

Persistence

Scheduled Task

Privilege Escalation

Scheduled Task

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

asyncratjavarat

behavioral2

asyncratjavarat

© 2018-2024

Terms | Privacy