asyncrat | 45ba43813271c0c4d377338c381992cd5b0220b80c00cffc0b284f84cc0aee66 | Triage

Submit
Reports

Overview

overview

Static

static

45ba438132...66.exe

windows7-x64

45ba438132...66.exe

windows10-2004-x64

Sharing

General

Target

45ba43813271c0c4d377338c381992cd5b0220b80c00cffc0b284f84cc0aee66
Size

426KB
Sample

221130-s8qzssdd53
MD5

a504f9dfe6a3554120c7902c56ddf3b2
SHA1

a89ca17e9c1af4912a55bdf49bc0020a3990b408
SHA256

45ba43813271c0c4d377338c381992cd5b0220b80c00cffc0b284f84cc0aee66
SHA512

7557a1bb0edde11ff8d4c68e9c3e11cde7c677e284afcdbd2359dcc9a88692299aa035098663c995948d07518711ac812f7f689a2a559d30da8afed7ce31a08c
SSDEEP

12288:URifysycqld21fNlRU3LmWTvnGeUITYBK7ENId0fGwVTMsMt:UoypcVFWDGXIEcIAILtT

Score

10^/10

asyncrat default rat

Static task

static1

Behavioral task

behavioral1

Sample

45ba43813271c0c4d377338c381992cd5b0220b80c00cffc0b284f84cc0aee66.exe

Resource

win7-20221111-en

asyncrat default rat

windows7-x64

8 signatures

150 seconds

Behavioral task

behavioral2

Sample

45ba43813271c0c4d377338c381992cd5b0220b80c00cffc0b284f84cc0aee66.exe

Resource

win10v2004-20221111-en

asyncrat default rat

windows10-2004-x64

9 signatures

150 seconds

Malware Config

Extracted

Family

asyncrat

Version

0.5.7B

Botnet

Default

C2

primo1.hopto.org:7771

Mutex

AsyncMutex_6SI8OkPnk

Attributes

delay
15
install
false
install_folder
%AppData%

aes.plain

Targets

- Target
  
  45ba43813271c0c4d377338c381992cd5b0220b80c00cffc0b284f84cc0aee66
- Size
  
  426KB
- MD5
  
  a504f9dfe6a3554120c7902c56ddf3b2
- SHA1
  
  a89ca17e9c1af4912a55bdf49bc0020a3990b408
- SHA256
  
  45ba43813271c0c4d377338c381992cd5b0220b80c00cffc0b284f84cc0aee66
- SHA512
  
  7557a1bb0edde11ff8d4c68e9c3e11cde7c677e284afcdbd2359dcc9a88692299aa035098663c995948d07518711ac812f7f689a2a559d30da8afed7ce31a08c
- SSDEEP
  
  12288:URifysycqld21fNlRU3LmWTvnGeUITYBK7ENId0fGwVTMsMt:UoypcVFWDGXIEcIAILtT
Score

10^/10

asyncrat default rat
- AsyncRat
  AsyncRAT is designed to remotely monitor and control other computers.
  rat asyncrat
- Async RAT payload
  rat
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Scheduled Task

Persistence

Scheduled Task

Privilege Escalation

Scheduled Task

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

asyncratdefaultrat

behavioral2

asyncratdefaultrat

© 2018-2024

Terms | Privacy