asyncrat | 40fe14bb211ec9fecbe5a3a8750bf1a8fd9104264f3f76178ac4b3778e656506 | Triage

Submit
Reports

Overview

overview

Static

static

521e56bdd2...ec.exe

windows7-x64

521e56bdd2...ec.exe

windows10-2004-x64

Sharing

General

Target

521e56bdd27018ee0f40341bf556f7748f2eebb32a4bd016789a6b7801d010ec.zip
Size

8.1MB
Sample

220921-xnw3jacecp
MD5

67a17b033c17e77708c1a918407985cb
SHA1

94bbcba3835d3b49de3ebcf8c9b8e7cc6ffab095
SHA256

40fe14bb211ec9fecbe5a3a8750bf1a8fd9104264f3f76178ac4b3778e656506
SHA512

11e6540204ccde4022eed99698ad1f68b6cc79ac5c7eca98bc0e5be858e7c0278455871f345ad2b843db3e8b6bc3e9909c00132ab229214736d5e0d01d85fc74
SSDEEP

196608:QTpw9gaBJmOEMWMf3wzUWOv/3gcByPlzzR90yyLYr4LoHg2ID:nmaHjPWIWUxvty9zzAB5oA2K

Score

10^/10

asyncrat neshta persistence rat spyware

Static task

static1

2 signatures

Behavioral task

behavioral1

Sample

521e56bdd27018ee0f40341bf556f7748f2eebb32a4bd016789a6b7801d010ec.exe

Resource

win7-20220812-en

asyncrat neshta persistence rat spyware

windows7-x64

13 signatures

150 seconds

Behavioral task

behavioral2

Sample

521e56bdd27018ee0f40341bf556f7748f2eebb32a4bd016789a6b7801d010ec.exe

Resource

win10v2004-20220812-en

asyncrat neshta persistence rat spyware

windows10-2004-x64

15 signatures

150 seconds

Malware Config

Targets

- Target
  
  521e56bdd27018ee0f40341bf556f7748f2eebb32a4bd016789a6b7801d010ec
- Size
  
  12.7MB
- MD5
  
  2c5d99dfc22e3c7c13abd40ef29082a6
- SHA1
  
  2eae7f57966c4409cfecda611ddb41e3d1da8147
- SHA256
  
  521e56bdd27018ee0f40341bf556f7748f2eebb32a4bd016789a6b7801d010ec
- SHA512
  
  21af954bb927cd6548f20333b582c130fa3e4f6a253318b3aec66fe8628dbe50a7ecdc729935f5a215a3ac2027429d87a58fea9a0f2b93e5c477cc5a3fd037fc
- SSDEEP
  
  196608:fmQDIJzN0rl/RNfrOzDzRgIurg8dCMZqWlggN2:eQO0rl/RRSgIurgjyGgN2
Score

10^/10

asyncrat neshta persistence rat spyware
- AsyncRat
  AsyncRAT is designed to remotely monitor and control other computers.
  rat asyncrat
- Detect Neshta payload
- Neshta
  Malware from the neshta family is designed to infect itself into other files to spread itself and cause damage.
  persistence spyware neshta
- Executes dropped EXE
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Loads dropped DLL
- Adds Run key to start application
  persistence
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

asyncratneshtapersistenceratspyware

behavioral2

asyncratneshtapersistenceratspyware

© 2018-2024

Terms | Privacy