asyncrat | f5e715d046072f8716f662bb86a02be3f13dd984ed207562c9e8e3feb6aeab40 | Triage

Submit
Reports

Overview

overview

Static

static

F5E715D046...07.exe

windows7-x64

F5E715D046...07.exe

windows10-2004-x64

Sharing

General

Target

F5E715D046072F8716F662BB86A02BE3F13DD984ED207.exe
Size

176KB
Sample

221001-wqarmsagdq
MD5

f8b8c7e30a0c98c7db0c64d4b925db75
SHA1

928ec1e03d21f51f34da1a7c801fdce9a36b3c36
SHA256

f5e715d046072f8716f662bb86a02be3f13dd984ed207562c9e8e3feb6aeab40
SHA512

67d7c8c62877a0d274089ef062a85e1b0622bcb6ccfc86d3bd9234973af514e211c4a3043504c597429ade35524f314efecea75a4695bf5489e282fef3cedef3
SSDEEP

3072:tuK0THf52BTHbvxPZYJ01yDgNlfWSZ0cXF:tuK+chHbIpgy/m

Score

10^/10

asyncrat default rat

Static task

static1

rat default asyncrat

2 signatures

Behavioral task

behavioral1

Sample

F5E715D046072F8716F662BB86A02BE3F13DD984ED207.exe

Resource

win7-20220812-en

asyncrat default rat

windows7-x64

10 signatures

150 seconds

Behavioral task

behavioral2

Sample

F5E715D046072F8716F662BB86A02BE3F13DD984ED207.exe

Resource

win10v2004-20220812-en

asyncrat default rat

windows10-2004-x64

10 signatures

150 seconds

Malware Config

Extracted

Family

asyncrat

Version

0.5.7B

Botnet

Default

C2

zulakim.duckdns.org:6606

zulakim.duckdns.org:7707

zulakim.duckdns.org:8808

Mutex

AsyncMutex_6SI8OkPnk

Attributes

delay
3
install
true
install_file
dllhost.exe
install_folder
%AppData%

aes.plain

Targets

- Target
  
  F5E715D046072F8716F662BB86A02BE3F13DD984ED207.exe
- Size
  
  176KB
- MD5
  
  f8b8c7e30a0c98c7db0c64d4b925db75
- SHA1
  
  928ec1e03d21f51f34da1a7c801fdce9a36b3c36
- SHA256
  
  f5e715d046072f8716f662bb86a02be3f13dd984ed207562c9e8e3feb6aeab40
- SHA512
  
  67d7c8c62877a0d274089ef062a85e1b0622bcb6ccfc86d3bd9234973af514e211c4a3043504c597429ade35524f314efecea75a4695bf5489e282fef3cedef3
- SSDEEP
  
  3072:tuK0THf52BTHbvxPZYJ01yDgNlfWSZ0cXF:tuK+chHbIpgy/m
Score

10^/10

asyncrat default rat
- AsyncRat
  AsyncRAT is designed to remotely monitor and control other computers.
  rat asyncrat
- Async RAT payload
  rat
- Executes dropped EXE
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Loads dropped DLL
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Scheduled Task

Persistence

Scheduled Task

Privilege Escalation

Scheduled Task

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

ratdefaultasyncrat

behavioral1

asyncratdefaultrat

behavioral2

asyncratdefaultrat

© 2018-2024

Terms | Privacy