asyncrat | d71cdeb52c0e74f3b4c96e4b5dbe70af00814283985036d62b43de0950d77b22 | Triage

Sharing

General

Target

FedEx_Label_202218201.exe
Size

28KB
Sample

221001-jd4sqsffc4
MD5

9fa348df801f0d2cebb02378b3546f6e
SHA1

03a5c5344ad4c92366cb086ad78bb7f4fe4f7a17
SHA256

d71cdeb52c0e74f3b4c96e4b5dbe70af00814283985036d62b43de0950d77b22
SHA512

b48e919554920a4f441401b8f453a09eebf10fced670e1e35d01433a2edb990815894250cab3773104ca05064183be3779d4f6acac3040f5955a05a760476ae7
SSDEEP

384:1iAAKDVj/yf2BGuegE3YCoLY40E6vDOT5kYgH5Oj8A5PPPPPPPPPPPPPPPQPPPPV:0AAGo2eg+YCc/6m5k75RPhNf2

Score

10^/10

asyncrat persistence rat

Malware Config

Targets

- Target
  
  FedEx_Label_202218201.exe
- Size
  
  28KB
- MD5
  
  9fa348df801f0d2cebb02378b3546f6e
- SHA1
  
  03a5c5344ad4c92366cb086ad78bb7f4fe4f7a17
- SHA256
  
  d71cdeb52c0e74f3b4c96e4b5dbe70af00814283985036d62b43de0950d77b22
- SHA512
  
  b48e919554920a4f441401b8f453a09eebf10fced670e1e35d01433a2edb990815894250cab3773104ca05064183be3779d4f6acac3040f5955a05a760476ae7
- SSDEEP
  
  384:1iAAKDVj/yf2BGuegE3YCoLY40E6vDOT5kYgH5Oj8A5PPPPPPPPPPPPPPPQPPPPV:0AAGo2eg+YCc/6m5k75RPhNf2
Score

10^/10

asyncrat persistence rat
- AsyncRat
  AsyncRAT is designed to remotely monitor and control other computers.
  rat asyncrat
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Adds Run key to start application
  persistence
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

asyncratpersistencerat

behavioral2

asyncratpersistencerat