Triage | Malware sandboxing report by Hatching Triage

Sharing

General

Target

DFDS4.exe
Size

6KB
Sample

221206-hqx1aage5z
MD5

aacae33f1697d56d6ebbe91f49426380
SHA1

043d947a5ba9db57da8804ee1b3db6411c36a317
SHA256

e03373744068eb32bc09755df8ff0f111f93a47d94a9cca7513adac83a92d081
SHA512

a150a3f35b00e7553d5aabb6e524cd0770d10714cd255665f4355f9922b91d400d2d2c0c276b18dba2bd999da210a4538754da9f38b819d2a2b3c947a75f6c20
SSDEEP

192:3m1I9XX1FrDl2ND2tLNtUq256XvW4NRcWedV:KI9Xl32NKNt/jvW4NRcW2V

Score

10^/10

asyncrat system guard runtime rat

Malware Config

Extracted

Family	asyncrat
Version	0.5.7B
Botnet	System Guard Runtime
C2	85.105.88.221:2531 85.105.88.221:2531
Attributes	delay 3 install false install_file System Guard Runtime install_folder %AppData%
aes.plain

Targets

- Target
  
  DFDS4.exe
- Size
  
  6KB
- MD5
  
  aacae33f1697d56d6ebbe91f49426380
- SHA1
  
  043d947a5ba9db57da8804ee1b3db6411c36a317
- SHA256
  
  e03373744068eb32bc09755df8ff0f111f93a47d94a9cca7513adac83a92d081
- SHA512
  
  a150a3f35b00e7553d5aabb6e524cd0770d10714cd255665f4355f9922b91d400d2d2c0c276b18dba2bd999da210a4538754da9f38b819d2a2b3c947a75f6c20
- SSDEEP
  
  192:3m1I9XX1FrDl2ND2tLNtUq256XvW4NRcWedV:KI9Xl32NKNt/jvW4NRcW2V
Score

10^/10

asyncrat system guard runtime rat
- AsyncRat
  AsyncRAT is designed to remotely monitor and control other computers.
  rat asyncrat
- Async RAT payload
  rat
- Blocklisted process makes network request
- Downloads MZ/PE file
- Executes dropped EXE
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix

Collection

Command and Control

Credential Access

Defense Evasion

Discovery

Execution

Exfiltration

Impact

Initial Access

Lateral Movement

Persistence

Privilege Escalation

Tasks

static1

behavioral1

behavioral2

asyncratsystem guard runtimerat