asyncrat | 1325c2f0f1b73a0fcdbc947752757ffbd378c89c95aaaac8d46434188f972925 | Triage

Submit
Reports

Overview

overview

Static

static

COM Surrogate.exe

windows7-x64

1

COM Surrogate.exe

windows10-2004-x64

Sharing

General

Target

COM Surrogate.exe
Size

47KB
Sample

221206-xvbp6shd6z
MD5

2bd0e405d19bc95341a0f9c4912efdd1
SHA1

aa27c91317600a2f9d8a5f4b18ec4a3f10d1061f
SHA256

1325c2f0f1b73a0fcdbc947752757ffbd378c89c95aaaac8d46434188f972925
SHA512

1f19478f120ceb4b89c5871d76a08fb1fcd51d02f38fb36c30a8e87ce495649c081f337608eca8e48ce5a5c303e27ca6728c15885d0cba53e6226bac5fc9103e
SSDEEP

768:E9V/w9ILiCuu+bicyYE/pif8Yb3gemQnivEgK/JbZVc6KN:E9V/IidezbQSninkJbZVclN

Score

10^/10

asyncrat default rat

Static task

static1

rat default asyncrat

2 signatures

Behavioral task

behavioral1

Sample

COM Surrogate.exe

Resource

win7-20221111-en

windows7-x64

0 signatures

150 seconds

Behavioral task

behavioral2

Sample

COM Surrogate.exe

Resource

win10v2004-20221111-en

asyncrat default rat

windows10-2004-x64

12 signatures

150 seconds

Malware Config

Extracted

Family

asyncrat

Version

1.0.7

Botnet

Default

C2

buy-dynamics.at.playit.gg:8080

buy-dynamics.at.playit.gg:12074

Mutex

bruh__R3taddd

Attributes

delay
1
install
true
install_file
COM Surrogate.exe
install_folder
%AppData%

aes.plain

Targets

- Target
  
  COM Surrogate.exe
- Size
  
  47KB
- MD5
  
  2bd0e405d19bc95341a0f9c4912efdd1
- SHA1
  
  aa27c91317600a2f9d8a5f4b18ec4a3f10d1061f
- SHA256
  
  1325c2f0f1b73a0fcdbc947752757ffbd378c89c95aaaac8d46434188f972925
- SHA512
  
  1f19478f120ceb4b89c5871d76a08fb1fcd51d02f38fb36c30a8e87ce495649c081f337608eca8e48ce5a5c303e27ca6728c15885d0cba53e6226bac5fc9103e
- SSDEEP
  
  768:E9V/w9ILiCuu+bicyYE/pif8Yb3gemQnivEgK/JbZVc6KN:E9V/IidezbQSninkJbZVclN
Score

10^/10

asyncrat default rat
- AsyncRat
  AsyncRAT is designed to remotely monitor and control other computers.
  rat asyncrat
- Async RAT payload
  rat
- Executes dropped EXE
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Scheduled Task

Persistence

Scheduled Task

Privilege Escalation

Scheduled Task

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

ratdefaultasyncrat

behavioral1

behavioral2

asyncratdefaultrat

© 2018-2024

Terms | Privacy