asyncrat | d5f162d4ab50a806c77d3462307ddaefb30135bb6a8ecbe75afc253a2c3cbd2c | Triage

Submit
Reports

Overview

overview

Static

static

49140280d1...2f.exe

windows7-x64

49140280d1...2f.exe

windows10-2004-x64

Sharing

General

Target

49140280d15498a146873199b563852f.exe
Size

171KB
Sample

221118-dfdfnscc8y
MD5

49140280d15498a146873199b563852f
SHA1

9d07b889da175893d72766cc9706f5a51ae04b5e
SHA256

d5f162d4ab50a806c77d3462307ddaefb30135bb6a8ecbe75afc253a2c3cbd2c
SHA512

f51b9d6b7b6f435daad0a512b9c68e6fef937a1fb30d0421290f829d3bab65c5c1c0630631049d5ce2cf9c99e539451f743499e982258cbfd213d2a3921eefe4
SSDEEP

3072:sr85C2inW+ZBWwEGGXfbSwr+1SdHAeZ7ZoRwB4x7DOHw:k925+PWUGTzxZep7D0w

Score

10^/10

asyncrat neshta lmwkapo persistence rat spyware stealer

Static task

static1

2 signatures

Behavioral task

behavioral1

Sample

49140280d15498a146873199b563852f.exe

Resource

win7-20220812-en

asyncrat neshta persistence rat spyware stealer

windows7-x64

15 signatures

150 seconds

Behavioral task

behavioral2

Sample

49140280d15498a146873199b563852f.exe

Resource

win10v2004-20220812-en

asyncrat neshta lmwkapo persistence rat spyware stealer

windows10-2004-x64

23 signatures

150 seconds

Malware Config

Extracted

Family

asyncrat

Version

| Edit 3LOSH RAT

Botnet

LMWKAPO

C2

jntlmanaway.con-ip.com:8000

Mutex

LMVICKAPO_6SI8OkPnk

Attributes

delay
3
install
true
install_file
yourphone.exe
install_folder
%AppData%

aes.plain

Targets

- Target
  
  49140280d15498a146873199b563852f.exe
- Size
  
  171KB
- MD5
  
  49140280d15498a146873199b563852f
- SHA1
  
  9d07b889da175893d72766cc9706f5a51ae04b5e
- SHA256
  
  d5f162d4ab50a806c77d3462307ddaefb30135bb6a8ecbe75afc253a2c3cbd2c
- SHA512
  
  f51b9d6b7b6f435daad0a512b9c68e6fef937a1fb30d0421290f829d3bab65c5c1c0630631049d5ce2cf9c99e539451f743499e982258cbfd213d2a3921eefe4
- SSDEEP
  
  3072:sr85C2inW+ZBWwEGGXfbSwr+1SdHAeZ7ZoRwB4x7DOHw:k925+PWUGTzxZep7D0w
Score

10^/10

asyncrat neshta persistence rat spyware stealer lmwkapo
- AsyncRat
  AsyncRAT is designed to remotely monitor and control other computers.
  rat asyncrat
- Detect Neshta payload
- Modifies system executable filetype association
  persistence
- Neshta
  Malware from the neshta family is designed to infect itself into other files to spread itself and cause damage.
  persistence spyware neshta
- Async RAT payload
  rat
- Downloads MZ/PE file
- Executes dropped EXE
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Loads dropped DLL
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Drops file in System32 directory
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Scheduled Task

Persistence

Change Default File Association

Scheduled Task

Privilege Escalation

Scheduled Task

Defense Evasion

Modify Registry

Credential Access

Credentials in Files

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Data from Local System

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

asyncratneshtapersistenceratspywarestealer

behavioral2

asyncratneshtalmwkapopersistenceratspywarestealer

© 2018-2024

Terms | Privacy