asyncrat | 63f13767cd38209385164d5517a55a6846996268f7c3ca03bbb8c4129259b4b9 | Triage

Submit
Reports

Overview

overview

Static

static

63F13767CD...3C.exe

windows7-x64

63F13767CD...3C.exe

windows10-2004-x64

8

Sharing

General

Target

63F13767CD38209385164D5517A55A6846996268F7C3C.exe
Size

900KB
Sample

221126-ghv1aaae51
MD5

a494a81f17b65fca1bdbb853b6556172
SHA1

71ea522b0832d85875432842ff55f337e4a08081
SHA256

63f13767cd38209385164d5517a55a6846996268f7c3ca03bbb8c4129259b4b9
SHA512

aeb70d879e94101476697420991a9236670297c0793ca16399aa80e9c75bfb9b347a95b723245555c0a6c039e7a001dbd8ed378acbca589eafbd3d66a585a3a9
SSDEEP

12288:M6qjziyoNL4bVwBJ4pKhYKgWD4qH4JuteNqvRH5IYtwpjgFp:Mdj4L48J7qKx0MrZH5IYtdp

Score

10^/10

asyncrat redline infostealer rat

Static task

static1

Behavioral task

behavioral1

Sample

63F13767CD38209385164D5517A55A6846996268F7C3C.exe

Resource

win7-20220812-en

asyncrat redline infostealer rat

windows7-x64

11 signatures

150 seconds

Behavioral task

behavioral2

Sample

63F13767CD38209385164D5517A55A6846996268F7C3C.exe

Resource

win10v2004-20221111-en

windows10-2004-x64

4 signatures

150 seconds

Malware Config

Targets

- Target
  
  63F13767CD38209385164D5517A55A6846996268F7C3C.exe
- Size
  
  900KB
- MD5
  
  a494a81f17b65fca1bdbb853b6556172
- SHA1
  
  71ea522b0832d85875432842ff55f337e4a08081
- SHA256
  
  63f13767cd38209385164d5517a55a6846996268f7c3ca03bbb8c4129259b4b9
- SHA512
  
  aeb70d879e94101476697420991a9236670297c0793ca16399aa80e9c75bfb9b347a95b723245555c0a6c039e7a001dbd8ed378acbca589eafbd3d66a585a3a9
- SSDEEP
  
  12288:M6qjziyoNL4bVwBJ4pKhYKgWD4qH4JuteNqvRH5IYtwpjgFp:Mdj4L48J7qKx0MrZH5IYtdp
Score

10^/10

asyncrat redline infostealer rat
- AsyncRat
  AsyncRAT is designed to remotely monitor and control other computers.
  rat asyncrat
- RedLine
  RedLine Stealer is a malware family written in C#, first appearing in early 2020.
  infostealer redline
- Async RAT payload
  rat
- Executes dropped EXE
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Loads dropped DLL
- Legitimate hosting services abused for malware hosting/C2
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Scheduled Task

Persistence

Scheduled Task

Privilege Escalation

Scheduled Task

Defense Evasion

Web Service

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Web Service

Exfiltration

Impact

Tasks

static1

behavioral1

asyncratredlineinfostealerrat

behavioral2

© 2018-2024

Terms | Privacy