asyncrat | 6e587363f78cb91de1b18cfe6a44174eb9426b724bcc757c3f7314a2881d3b39 | Triage

Submit
Reports

Overview

overview

Static

static

6E587363F7...C7.exe

windows7-x64

6E587363F7...C7.exe

windows10-2004-x64

Sharing

General

Target

6E587363F78CB91DE1B18CFE6A44174EB9426B724BCC7.exe
Size

4.5MB
Sample

221127-aawtaahh2t
MD5

d48e7bfd3aeb182e89b7e7ce883cd3f2
SHA1

b851e6bbf0c6fa176dac656b7bf45eaaa073e5d8
SHA256

6e587363f78cb91de1b18cfe6a44174eb9426b724bcc757c3f7314a2881d3b39
SHA512

e5fbea3a7a1c85dc60c0953ababceb308bea28a5abb338804fc3c3e521ffe4e9b85eb0d717bd37a3862edbf6aaaa19c1f62a500ad53645a9ca0c57282b0fd1a5
SSDEEP

49152:4DKt5jqtb72StuLh5cyqHo+oDc+HTst7R39JM9wWAToTCN7x/isxJ:E5KLhvN+ooV3ASWQ715xJ

Score

10^/10

asyncrat redline infostealer rat

Static task

static1

Behavioral task

behavioral1

Sample

6E587363F78CB91DE1B18CFE6A44174EB9426B724BCC7.exe

Resource

win7-20220901-en

asyncrat redline infostealer rat

windows7-x64

13 signatures

150 seconds

Behavioral task

behavioral2

Sample

6E587363F78CB91DE1B18CFE6A44174EB9426B724BCC7.exe

Resource

win10v2004-20220812-en

asyncrat redline infostealer rat

windows10-2004-x64

12 signatures

150 seconds

Malware Config

Targets

- Target
  
  6E587363F78CB91DE1B18CFE6A44174EB9426B724BCC7.exe
- Size
  
  4.5MB
- MD5
  
  d48e7bfd3aeb182e89b7e7ce883cd3f2
- SHA1
  
  b851e6bbf0c6fa176dac656b7bf45eaaa073e5d8
- SHA256
  
  6e587363f78cb91de1b18cfe6a44174eb9426b724bcc757c3f7314a2881d3b39
- SHA512
  
  e5fbea3a7a1c85dc60c0953ababceb308bea28a5abb338804fc3c3e521ffe4e9b85eb0d717bd37a3862edbf6aaaa19c1f62a500ad53645a9ca0c57282b0fd1a5
- SSDEEP
  
  49152:4DKt5jqtb72StuLh5cyqHo+oDc+HTst7R39JM9wWAToTCN7x/isxJ:E5KLhvN+ooV3ASWQ715xJ
Score

10^/10

asyncrat redline infostealer rat
- AsyncRat
  AsyncRAT is designed to remotely monitor and control other computers.
  rat asyncrat
- RedLine
  RedLine Stealer is a malware family written in C#, first appearing in early 2020.
  infostealer redline
- Async RAT payload
  rat
- Executes dropped EXE
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Loads dropped DLL
- Legitimate hosting services abused for malware hosting/C2
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Scheduled Task

Persistence

Scheduled Task

Privilege Escalation

Scheduled Task

Defense Evasion

Web Service

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Web Service

Exfiltration

Impact

Tasks

static1

behavioral1

asyncratredlineinfostealerrat

behavioral2

asyncratredlineinfostealerrat

© 2018-2024

Terms | Privacy