asyncrat | e03373744068eb32bc09755df8ff0f111f93a47d94a9cca7513adac83a92d081 | Triage

Sharing

General

Target

DFDS4.exe
Size

6KB
Sample

221206-hqx1aage5z
MD5

aacae33f1697d56d6ebbe91f49426380
SHA1

043d947a5ba9db57da8804ee1b3db6411c36a317
SHA256

e03373744068eb32bc09755df8ff0f111f93a47d94a9cca7513adac83a92d081
SHA512

a150a3f35b00e7553d5aabb6e524cd0770d10714cd255665f4355f9922b91d400d2d2c0c276b18dba2bd999da210a4538754da9f38b819d2a2b3c947a75f6c20
SSDEEP

192:3m1I9XX1FrDl2ND2tLNtUq256XvW4NRcWedV:KI9Xl32NKNt/jvW4NRcW2V

Score

10^/10

asyncrat system guard runtime rat

Malware Config

Extracted

Family

asyncrat

Version

0.5.7B

Botnet

System Guard Runtime

C2

85.105.88.221:2531

Mutex

System Guard Runtime

Attributes

delay
3
install
false
install_file
System Guard Runtime
install_folder
%AppData%

aes.plain

Targets

- Target
  
  DFDS4.exe
- Size
  
  6KB
- MD5
  
  aacae33f1697d56d6ebbe91f49426380
- SHA1
  
  043d947a5ba9db57da8804ee1b3db6411c36a317
- SHA256
  
  e03373744068eb32bc09755df8ff0f111f93a47d94a9cca7513adac83a92d081
- SHA512
  
  a150a3f35b00e7553d5aabb6e524cd0770d10714cd255665f4355f9922b91d400d2d2c0c276b18dba2bd999da210a4538754da9f38b819d2a2b3c947a75f6c20
- SSDEEP
  
  192:3m1I9XX1FrDl2ND2tLNtUq256XvW4NRcWedV:KI9Xl32NKNt/jvW4NRcW2V
Score

10^/10

asyncrat system guard runtime rat
- AsyncRat
  AsyncRAT is designed to remotely monitor and control other computers.
  rat asyncrat
- Async RAT payload
  rat
- Blocklisted process makes network request
- Downloads MZ/PE file
- Executes dropped EXE
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

behavioral2

asyncratsystem guard runtimerat