asyncrat | 409d419c88db27ed43efafe8e736ca6ea40a5d333dbbd0bb821b1fa2ca392255 | Triage

Submit
Reports

Overview

overview

Static

static

bfa3f6f645...da.exe

windows7-x64

bfa3f6f645...da.exe

windows10-2004-x64

Sharing

General

Target

8062756120.zip
Size

502KB
Sample

220922-agk1cschfp
MD5

7681ed6e20b0fd9d03acbca007e8e3ad
SHA1

9a71b4cf11f5354ed265f53f34637602b88b3693
SHA256

409d419c88db27ed43efafe8e736ca6ea40a5d333dbbd0bb821b1fa2ca392255
SHA512

daf90b1061f44592156b2494cc37bb96b6fc31ef10d508be18ad24ceaf449ee29166caa14c8935868aa506d3d114f13a54605a1b8964cb6943f02d0c9b0d58cc
SSDEEP

12288:Zjpw6ZNRFfcE9XQLG3yUuKGwcRf9lIJvAv/IKdyJnLFqQCS8:Zjpw6Z7fuGCnLBI8IFn38

Score

10^/10

asyncrat default rat

Static task

static1

Behavioral task

behavioral1

Sample

bfa3f6f645ef9ae71a47e665200300f035dbf18af1774f57a65ab1de763ef1da.exe

Resource

win7-20220812-en

asyncrat default rat

windows7-x64

8 signatures

150 seconds

Behavioral task

behavioral2

Sample

bfa3f6f645ef9ae71a47e665200300f035dbf18af1774f57a65ab1de763ef1da.exe

Resource

win10v2004-20220812-en

asyncrat default rat

windows10-2004-x64

9 signatures

150 seconds

Malware Config

Extracted

Family

asyncrat

Version

1.0.7

Botnet

Default

C2

hardrickkonsultg.ddns.net:8848

Mutex

DcRatMutex_qwqdanchun

Attributes

delay
1
install
false
install_folder
%AppData%

aes.plain

Targets

- Target
  
  bfa3f6f645ef9ae71a47e665200300f035dbf18af1774f57a65ab1de763ef1da
- Size
  
  936KB
- MD5
  
  9ee64b943c2405d18d892e92b128d573
- SHA1
  
  ac5564a6984f111670446d6538e6fc218e7474fd
- SHA256
  
  bfa3f6f645ef9ae71a47e665200300f035dbf18af1774f57a65ab1de763ef1da
- SHA512
  
  00ded857701d3c8c17250127454daf88767eed8c502a9ad5b10962a346f6e8e84e6db3e5ce0b8823214f9594595459450dc6997f1359f39f6ba2577768ba09fd
- SSDEEP
  
  12288:RdRUevOMD2dgRKGopeN4ADqjJ5n4MSGSbAEu9H7kJ1f82fpuIXxV+/ZTo2uRCyri:RzUecgRKdpNjr48
Score

10^/10

asyncrat default rat
- AsyncRat
  AsyncRAT is designed to remotely monitor and control other computers.
  rat asyncrat
- Async RAT payload
  rat
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Scheduled Task

Persistence

Scheduled Task

Privilege Escalation

Scheduled Task

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

asyncratdefaultrat

behavioral2

asyncratdefaultrat

© 2018-2024

Terms | Privacy