asyncrat | a43109ea48654a6991a1b53ac29b54cec0dcf75cf0228ea661a40d8b976c1c2b | Triage

Submit
Reports

Overview

overview

Static

static

WINCPU.EXE.exe

windows7-x64

WINCPU.EXE.exe

windows10-2004-x64

Sharing

General

Target

WINCPU.EXE.exe
Size

397KB
Sample

221013-pt2wzaebe6
MD5

52195e2a7f97c64cae5e8a29526e331b
SHA1

8b9ba509ab3708ca6c3ddc9e6b2159b6c8b3a757
SHA256

a43109ea48654a6991a1b53ac29b54cec0dcf75cf0228ea661a40d8b976c1c2b
SHA512

44178e0ea91eb402fce4b4d496f550c3ec1483130af840e867d0086a564695f41a32789882caf5b25bd908b46668330dc7b266599f04a5f451e113fcf881889b
SSDEEP

6144:qXMHJuU7CtrrwR9LXc5XQlDRHspjwYOvFoDngLV6yuY1HeO:q6bCprwRJsNTpjwYk+DnGVZu0+O

Score

10^/10

asyncrat rat

Static task

static1

Behavioral task

behavioral1

Sample

WINCPU.EXE.exe

Resource

win7-20220812-en

windows7-x64

11 signatures

150 seconds

Behavioral task

behavioral2

Sample

WINCPU.EXE.exe

Resource

win10v2004-20220812-en

windows10-2004-x64

8 signatures

150 seconds

Malware Config

Extracted

Family

asyncrat

Version

0.5.6A

C2

45.74.4.244:6606

45.74.4.244:7707

45.74.4.244:8808

Mutex

servtle284

Attributes

delay
5
install
true
install_file
wintskl.exe
install_folder
%AppData%

aes.plain

Targets

- Target
  
  WINCPU.EXE.exe
- Size
  
  397KB
- MD5
  
  52195e2a7f97c64cae5e8a29526e331b
- SHA1
  
  8b9ba509ab3708ca6c3ddc9e6b2159b6c8b3a757
- SHA256
  
  a43109ea48654a6991a1b53ac29b54cec0dcf75cf0228ea661a40d8b976c1c2b
- SHA512
  
  44178e0ea91eb402fce4b4d496f550c3ec1483130af840e867d0086a564695f41a32789882caf5b25bd908b46668330dc7b266599f04a5f451e113fcf881889b
- SSDEEP
  
  6144:qXMHJuU7CtrrwR9LXc5XQlDRHspjwYOvFoDngLV6yuY1HeO:q6bCprwRJsNTpjwYk+DnGVZu0+O
Score

10^/10

asyncrat rat
- AsyncRat
  AsyncRAT is designed to remotely monitor and control other computers.
  rat asyncrat
- Async RAT payload
  rat
- Executes dropped EXE
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Loads dropped DLL
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Scheduled Task

Persistence

Scheduled Task

Privilege Escalation

Scheduled Task

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

behavioral2

© 2018-2024

Terms | Privacy