asyncrat | 7d4cc059fd82b52011b02ba850ddf0ac14c06826bde03a13c68ddf3a5531a242 | Triage

Resubmissions

08-10-2022 15:38

221008-s23p1sehf8 10

Sharing

General

Target

ManyCam 8 Multilingual.rar
Size

92.9MB
Sample

221008-s23p1sehf8
MD5

b4f606582d2874297dd784e271b11dc9
SHA1

643b33dca0a98383719f21e2c7bee985d741938b
SHA256

7d4cc059fd82b52011b02ba850ddf0ac14c06826bde03a13c68ddf3a5531a242
SHA512

6289ea6e118e838c554dbc7f66b1665bbeb1f6240ea0b01373b204bf894837c46ee9baf031e46f0c08025243a38abda98261d99e93b1b896b6e1b439646555f2
SSDEEP

1572864:FNEqa8u1P0Fwz6w/dNB1ATx6Y8Z36+Th40kI4pfxtVtbIWqN1mHbevf:FZux0Fm6IP1A0Y8NnThtcpVnqXVf

Score

10^/10

asyncrat default rat upx

Malware Config

Extracted

Family

asyncrat

Version

0.5.6E

Botnet

Default

C2

dilescemo.servegame.com:2222

Mutex

ywmtlgzamxo

Attributes

delay
1
install
true
install_file
windows.exe
install_folder
%AppData%

aes.plain

Targets

- Target
  
  ManyCam 8 Multilingual/ManyCam 8 Multilingual/ManyCam 8 Multilingual/Crack_Patch/Patch-MPT.zip
- Size
  
  216KB
- MD5
  
  e1b732c3feeac7c017e25225f1cf08b0
- SHA1
  
  3c15415d97aff7a6100e62a5f31b5b5fc89ababa
- SHA256
  
  4919ff419069cab04133a63bc5332ed56ee11a14472da90b945fe1e4001210fe
- SHA512
  
  ee47a010115914cc78817c28fcea7f183eb599133b1b01618f65192be0a2a09bc4ed3fefaca4ff0b0157673d44816d915392a770a6d43c7a926d2fa7d566dec4
- SSDEEP
  
  6144:cyUiVd1BmmmiDnPc8i9S7Kkz4dJeXe767fOr3EgtFJ:cyUiH1AxMnPcDS2n0e7SOr3nH
Score

1^/10
behavioral1 behavioral2
- Target
  
  MAYANPROPHECY.nfo
- Size
  
  7KB
- MD5
  
  75aa6ce98f8ddbd6d4eccf87dae1154b
- SHA1
  
  4ff19da23ce9a84e14d99a047c1d30bb0cae223c
- SHA256
  
  386cd822d58540231d594b67a35b3353ae98d3ce23a8f310fa0697d6d72d1036
- SHA512
  
  71a88e58427d16bd8ce48c1fec217bd9a6f38304e116a19b6a9af4637afa0b6ce5b7c192476c49b385fffd35845cf1e6ccd31c183c8605a4216683673d3aecec
- SSDEEP
  
  48:ZQh8XpnXGPHH1UlZlVmnd6UVl+7nd4HNtiketbrsk87b6jf8XI8K6gdDSEt+G:Z0ezlPVmnd1c7d4HkXu6jj8zgRSEtZ
Score

1^/10
behavioral3 behavioral4
- Target
  
  manycam.7.6.0.38-MPT.exe
- Size
  
  229KB
- MD5
  
  99bc00543dd33142549458775fc146a8
- SHA1
  
  757f6569d16699fdb1f1597d6bac245fe2f88d27
- SHA256
  
  3bacbaf79d434a128d3a32792ab8f87aaa4854dacb89f475d4dec0f3addbd33c
- SHA512
  
  d77214c376d719217cdf830e4bc41251181750f330e9aa0b9d4ddb2e61959068780e8a2aa1c216f5217954436561bb643112bbf7a3dd269c07257ce8e7d0d8e2
- SSDEEP
  
  6144:fodJmiTnPc8G9S7KkzadJeXeD67fOrkz:fPenPcFS2j0eDSOrW
Score

7^/10
- Loads dropped DLL
behavioral5 behavioral6
- Target
  
  ManyCam 8 Multilingual/ManyCam 8 Multilingual/ManyCam 8 Multilingual/Crack_Patch/manycam 8-MPT.exe
- Size
  
  557KB
- MD5
  
  948df9371c1dd0928496cafb9da6d9b4
- SHA1
  
  5725d22fc6dc187c39aad31febabb41771ce4b83
- SHA256
  
  f9ab094a0d2b47684d8bbc5a430c111ab3aa18e7aa3d2a70f7157829808322e4
- SHA512
  
  fb8aebde61d299463122bff606ad578d07a952b106979bc824cc3e9fdff806338e1db8c82aabdd3c27c3baf517acec7dfb64e2f6eef03dca46cf0668b061ef8a
- SSDEEP
  
  12288:96Wq4aaE6KwyF5L0Y2D1PqLXLvjZhsbooEuo9wgng3wnePR/:rthEVaPqLXLvjZWFEPwbXPR/
Score

10^/10

asyncrat default rat upx
- AsyncRat
  AsyncRAT is designed to remotely monitor and control other computers.
  rat asyncrat
- Async RAT payload
  rat
- Executes dropped EXE
- UPX packed file
  Detects executables packed with UPX/modified UPX open source packer.
  upx
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Loads dropped DLL
- AutoIT Executable
  AutoIT scripts compiled to PE executables.
behavioral7 behavioral8
- Target
  
  ManyCam 8 Multilingual/ManyCam 8 Multilingual/ManyCam 8 Multilingual/ManyCamSetup.exe
- Size
  
  92.2MB
- MD5
  
  57da98671258ac3bfb1af1c182e14df8
- SHA1
  
  46ee1698e072ba0363b5eca0f7d67f2e9db2c75f
- SHA256
  
  9c4f384bd23df3a04bf948b271d53d3c113ee26ab978c6b411a79174d3b6e703
- SHA512
  
  311f39d7feafea6eec4fabb794e30069491ccd2ccff34414ecd3477f12c2b1f08338e124ade61d5153278304d859ca365cd92a64a564307af6d50a05dcf88707
- SSDEEP
  
  1572864:nNEqa8u1P0Fwz6w/dNB1ATx6Y8Z36+Th40kI4pfxtVtbIWqN1mHbev3:nZux0Fm6IP1A0Y8NnThtcpVnqXV3
Score

7^/10
- Loads dropped DLL
behavioral9 behavioral10
- Target
  
  ManyCam 8 Multilingual/ManyCam 8 Multilingual/ManyCam 8 Multilingual/Readme.txt
- Size
  
  252B
- MD5
  
  fbc769a634385261720b8eb9dde26acb
- SHA1
  
  e468891c99cc31e073ecc4f26397e1ef3889014b
- SHA256
  
  266f09ea72ace8ec92800d87ad4ddf16af882959420a2df1de4883bae14483f1
- SHA512
  
  1ff0d0255d7228f273abb1c2b97d3d9ef71dba4e41b6e4871fc5ac47608bcafef7d72846d820f4ed6967821ad81041aa9fc5338b7b4667d9018b1c1d46c872de
Score

1^/10
behavioral11 behavioral12

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Scheduled Task

Persistence

Scheduled Task

Privilege Escalation

Scheduled Task

Defense Evasion

Credential Access

Discovery

Query Registry

Peripheral Device Discovery

System Information Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

behavioral2

behavioral3

behavioral4

behavioral5

behavioral6

behavioral7

asyncratdefaultratupx

behavioral8

asyncratdefaultratupx

behavioral9

behavioral10

behavioral11

behavioral12