asyncrat | ef1cddd57724a667599eb57a77aedde1f256853f54698a68a610c3d54f924f1e | Triage

Submit
Reports

Overview

overview

Static

static

DOC_202210...ed.scr

windows7-x64

DOC_202210...ed.scr

windows10-2004-x64

Sharing

General

Target

DOC_20221012_094045716_stripped.scr
Size

105KB
Sample

221015-e6n6jafbe8
MD5

640cc9bb769a9591c548cc63a15d15bf
SHA1

56e456d997ef4f2735b7ba48a3b0e4861327ed61
SHA256

ef1cddd57724a667599eb57a77aedde1f256853f54698a68a610c3d54f924f1e
SHA512

9e05ca442fae59a54d25fced3a156cd7eb00ba4a0ec80e69468a06639b558ee34c6c6509815eb9a10e6f833d34d48832f073fa7c0f4075ee8da16283d0a58d06
SSDEEP

3072:M+rR+Y6VgvQdJK0vtNZg/V7S+O+dvvAun:M+BFI3vtNZNH+dv

Score

10^/10

asyncrat oct 11 rat

Static task

static1

Behavioral task

behavioral1

Sample

DOC_20221012_094045716_stripped.scr

Resource

win7-20220812-en

asyncrat oct 11 rat

windows7-x64

6 signatures

120 seconds

Behavioral task

behavioral2

Sample

DOC_20221012_094045716_stripped.scr

Resource

win10v2004-20220901-en

asyncrat oct 11 rat

windows10-2004-x64

7 signatures

120 seconds

Malware Config

Extracted

Family

asyncrat

Version

0.5.7B

Botnet

Oct 11

C2

donzola.duckdns.org:2000

Mutex

AsyncMutex_6SI8OkPnk

Attributes

delay
3
install
false
install_folder
%AppData%

aes.plain

Targets

- Target
  
  DOC_20221012_094045716_stripped.scr
- Size
  
  105KB
- MD5
  
  640cc9bb769a9591c548cc63a15d15bf
- SHA1
  
  56e456d997ef4f2735b7ba48a3b0e4861327ed61
- SHA256
  
  ef1cddd57724a667599eb57a77aedde1f256853f54698a68a610c3d54f924f1e
- SHA512
  
  9e05ca442fae59a54d25fced3a156cd7eb00ba4a0ec80e69468a06639b558ee34c6c6509815eb9a10e6f833d34d48832f073fa7c0f4075ee8da16283d0a58d06
- SSDEEP
  
  3072:M+rR+Y6VgvQdJK0vtNZg/V7S+O+dvvAun:M+BFI3vtNZNH+dv
Score

10^/10

asyncrat oct 11 rat
- AsyncRat
  AsyncRAT is designed to remotely monitor and control other computers.
  rat asyncrat
- Async RAT payload
  rat
- Executes dropped EXE
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Scheduled Task

Persistence

Scheduled Task

Privilege Escalation

Scheduled Task

Defense Evasion

Credential Access

Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

asyncratoct 11rat

behavioral2

asyncratoct 11rat

© 2018-2024

Terms | Privacy