asyncrat | f0c54049ee4311eb991f87a8eb76c700af19d5ebbfc5410f3bafef574b28d0e5 | Triage

Submit
Reports

Overview

overview

Static

static

8d8a8672df...53.exe

windows7-x64

8d8a8672df...53.exe

windows10-2004-x64

Sharing

General

Target

8d8a8672dfff84bc479258d004a884339d9c3b53.exe
Size

69KB
Sample

221130-k9lsgaag3v
MD5

ec7ea366e3d42308a1b8aee82b799dfe
SHA1

8d8a8672dfff84bc479258d004a884339d9c3b53
SHA256

f0c54049ee4311eb991f87a8eb76c700af19d5ebbfc5410f3bafef574b28d0e5
SHA512

59bbd5acb73e5c5b37890b8fcdf3b8a239129117b0bb5422f77d10b4194a23a9cb8a93e94cc4574c3aa44f242e763f4daf92282ed258f96fdd7dedcfd785e6f6
SSDEEP

1536:rwEjos8LrepSGToFwu/MRkSx4Y7uP6Wjh0IA/VD9LCwOC6/CKR09OnE3D:TjosyrepvToFH/Ly4xiKh0tNpMC6Kcnk

Score

10^/10

asyncrat persistence rat

Static task

static1

Behavioral task

behavioral1

Sample

8d8a8672dfff84bc479258d004a884339d9c3b53.exe

Resource

win7-20221111-en

asyncrat persistence rat

windows7-x64

12 signatures

150 seconds

Behavioral task

behavioral2

Sample

8d8a8672dfff84bc479258d004a884339d9c3b53.exe

Resource

win10v2004-20221111-en

windows10-2004-x64

6 signatures

150 seconds

Malware Config

Extracted

Family

asyncrat

Version

0.5.4H

C2

0.tcp.ngrok.io:4444

Mutex

dchckeuexyjmudh

Attributes

delay
0
install
true
install_file
explorer23i.exe
install_folder
%AppData%

aes.plain

Targets

- Target
  
  8d8a8672dfff84bc479258d004a884339d9c3b53.exe
- Size
  
  69KB
- MD5
  
  ec7ea366e3d42308a1b8aee82b799dfe
- SHA1
  
  8d8a8672dfff84bc479258d004a884339d9c3b53
- SHA256
  
  f0c54049ee4311eb991f87a8eb76c700af19d5ebbfc5410f3bafef574b28d0e5
- SHA512
  
  59bbd5acb73e5c5b37890b8fcdf3b8a239129117b0bb5422f77d10b4194a23a9cb8a93e94cc4574c3aa44f242e763f4daf92282ed258f96fdd7dedcfd785e6f6
- SSDEEP
  
  1536:rwEjos8LrepSGToFwu/MRkSx4Y7uP6Wjh0IA/VD9LCwOC6/CKR09OnE3D:TjosyrepvToFH/Ly4xiKh0tNpMC6Kcnk
Score

10^/10

asyncrat persistence rat
- AsyncRat
  AsyncRAT is designed to remotely monitor and control other computers.
  rat asyncrat
- Async RAT payload
  rat
- Executes dropped EXE
- Loads dropped DLL
- Adds Run key to start application
  persistence
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Scheduled Task

Persistence

Registry Run Keys / Startup Folder

Scheduled Task

Privilege Escalation

Scheduled Task

Defense Evasion

Modify Registry

Credential Access

Discovery

System Information Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

asyncratpersistencerat

behavioral2

© 2018-2024

Terms | Privacy