asyncrat | 9e2907deec3bc3c5a673fce50df169d8d9b4b8d433a642a3dd7cbe81ef54a0c5 | Triage

Submit
Reports

Overview

overview

Static

static

52bf11364e...41.exe

windows7-x64

52bf11364e...41.exe

windows10-2004-x64

Sharing

General

Target

52bf11364e8430f4b271ebb29e2a55451543338be5b2a34e731ede58eef04241
Size

63KB
Sample

221212-v3eexsca88
MD5

62da5d39ea660313ec5aa241ccc1f1c7
SHA1

d2440072f9b7804e1c3f4392bb2405bcf161f648
SHA256

9e2907deec3bc3c5a673fce50df169d8d9b4b8d433a642a3dd7cbe81ef54a0c5
SHA512

c901f16f70aee9b2a00a278ca2e683d5441dc5626244da33dcca82aac0859556e69ab5370971bedbd2e6e02a185e3a98254572e63e994e88ece0889548f24faf
SSDEEP

1536:UbO1/YRYNVRHBS2+hkto2YLEcyKSbXarURxoAGgOQPRjm0:Ub2/Y2NV9Br+0Y4yGvfGgc0

Score

10^/10

asyncrat system guard runtime persistence rat

Static task

static1

Behavioral task

behavioral1

Sample

52bf11364e8430f4b271ebb29e2a55451543338be5b2a34e731ede58eef04241.exe

Resource

win7-20220812-en

asyncrat system guard runtime persistence rat

windows7-x64

8 signatures

150 seconds

Behavioral task

behavioral2

Sample

52bf11364e8430f4b271ebb29e2a55451543338be5b2a34e731ede58eef04241.exe

Resource

win10v2004-20220812-en

asyncrat system guard runtime persistence rat

windows10-2004-x64

8 signatures

150 seconds

Malware Config

Extracted

Family

asyncrat

Version

0.5.7B

Botnet

System Guard Runtime

C2

85.105.88.221:2531

Mutex

System Guard Runtime

Attributes

delay
3
install
false
install_file
System Guard Runtime
install_folder
%AppData%

aes.plain

Targets

- Target
  
  52bf11364e8430f4b271ebb29e2a55451543338be5b2a34e731ede58eef04241
- Size
  
  87KB
- MD5
  
  3c6ccbfe897915f0fe6bc34d193bf4a0
- SHA1
  
  6fe3161ee66e317889066a302474e511220939e7
- SHA256
  
  52bf11364e8430f4b271ebb29e2a55451543338be5b2a34e731ede58eef04241
- SHA512
  
  e0bf1fc11deacb24b5d5de4bcfc522057d1ca1b4866325356b2c9a1f009c6562eee0c0e602478b3639de4beff14997d59a3b428281d9111278544fc5e3199536
- SSDEEP
  
  1536:Fn6gewiUBl7opCAFqRxzWbg5N0ns1decUmnybgR+fPUSphJ7L2Ut:0gewHgCSC0sXmbgR+fPUSphJ7Ll
Score

10^/10

asyncrat system guard runtime persistence rat
- AsyncRat
  AsyncRAT is designed to remotely monitor and control other computers.
  rat asyncrat
- Async RAT payload
  rat
- Adds Run key to start application
  persistence
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Scheduled Task

Persistence

Registry Run Keys / Startup Folder

Scheduled Task

Privilege Escalation

Scheduled Task

Defense Evasion

Modify Registry

Credential Access

Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

asyncratsystem guard runtimepersistencerat

behavioral2

asyncratsystem guard runtimepersistencerat

© 2018-2024

Terms | Privacy