asyncrat | aae20c0fbcbb6a459929a9ebf3a27bb72064df5123db3d8a78b4087c0a0648fc | Triage

Submit
Reports

Overview

overview

Static

static

NEW PURCHA...OC.exe

windows7-x64

NEW PURCHA...OC.exe

windows10-2004-x64

Sharing

General

Target

NEW PURCHASE ORDER EXP0028433 SCAN DOC.exe
Size

1022KB
Sample

221011-r1plbsadgn
MD5

bb240dcac9cb0b5082636d9d98f79459
SHA1

2965a18059dc4f5f69d9e48023637ea6984ac595
SHA256

aae20c0fbcbb6a459929a9ebf3a27bb72064df5123db3d8a78b4087c0a0648fc
SHA512

daa42a06b4cbece9e56590f5b0b47f15fd1518ca44b08e1783fcec5d9ae112ba076e1bad6ee3be199577abc77fd3ac263c1e3327a99a471644b1b44b9403b2e0
SSDEEP

24576:+RUr+UZtr4OVMbDmWZyycNj5bj6vpFAtQy4A:BXt9IiykMvpIX

Score

10^/10

asyncrat boys rat

Static task

static1

Behavioral task

behavioral1

Sample

NEW PURCHASE ORDER EXP0028433 SCAN DOC.exe

Resource

win7-20220812-en

asyncrat boys rat

windows7-x64

11 signatures

150 seconds

Behavioral task

behavioral2

Sample

NEW PURCHASE ORDER EXP0028433 SCAN DOC.exe

Resource

win10v2004-20220901-en

asyncrat boys rat

windows10-2004-x64

12 signatures

150 seconds

Malware Config

Extracted

Family

asyncrat

Version

0.5.7B

Botnet

BOYS

C2

asyncat.duckdns.org:6565

Mutex

AsyncMutex_6SI8OkPnk

Attributes

delay
5
install
true
install_file
APE.exe
install_folder
%AppData%

aes.plain

Targets

- Target
  
  NEW PURCHASE ORDER EXP0028433 SCAN DOC.exe
- Size
  
  1022KB
- MD5
  
  bb240dcac9cb0b5082636d9d98f79459
- SHA1
  
  2965a18059dc4f5f69d9e48023637ea6984ac595
- SHA256
  
  aae20c0fbcbb6a459929a9ebf3a27bb72064df5123db3d8a78b4087c0a0648fc
- SHA512
  
  daa42a06b4cbece9e56590f5b0b47f15fd1518ca44b08e1783fcec5d9ae112ba076e1bad6ee3be199577abc77fd3ac263c1e3327a99a471644b1b44b9403b2e0
- SSDEEP
  
  24576:+RUr+UZtr4OVMbDmWZyycNj5bj6vpFAtQy4A:BXt9IiykMvpIX
Score

10^/10

asyncrat boys rat
- AsyncRat
  AsyncRAT is designed to remotely monitor and control other computers.
  rat asyncrat
- Async RAT payload
  rat
- Executes dropped EXE
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Loads dropped DLL
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Scheduled Task

Persistence

Scheduled Task

Privilege Escalation

Scheduled Task

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

asyncratboysrat

behavioral2

asyncratboysrat

© 2018-2024

Terms | Privacy