asyncrat | 3a8c396709d693d9a6056b74722088ceb5881b93765df71f7124b1756bb7e72f | Triage

Submit
Reports

Overview

overview

Static

static

3a8c396709...2f.exe

windows7-x64

3a8c396709...2f.exe

windows10-2004-x64

Sharing

General

Target

3a8c396709d693d9a6056b74722088ceb5881b93765df71f7124b1756bb7e72f
Size

49.0MB
Sample

221220-rw77wadb4w
MD5

29dbcafd5b93edc917ec738221a4d62d
SHA1

5ef0337f89afaa36072a5bd9a670fdf7c9b7535a
SHA256

3a8c396709d693d9a6056b74722088ceb5881b93765df71f7124b1756bb7e72f
SHA512

800c0efd66509a8fa0816c47f061faf6b01a23b673d98495d2a5412d500feda502f9d7fdfb63a8a05948032fed1b9b63744db9cc0db6c78a1aa97840fca0ed76
SSDEEP

1572864:lJFzuWZZPyH0G/bJafhqikT1M2cgY/Dx2F91jn:lPrZZPyH0mQgikT11cgY/DxG7

Score

10^/10

asyncrat coreentity discovery rat

Static task

static1

Behavioral task

behavioral1

Sample

3a8c396709d693d9a6056b74722088ceb5881b93765df71f7124b1756bb7e72f.exe

Resource

win7-20221111-en

asyncrat coreentity discovery rat

windows7-x64

11 signatures

150 seconds

Behavioral task

behavioral2

Sample

3a8c396709d693d9a6056b74722088ceb5881b93765df71f7124b1756bb7e72f.exe

Resource

win10v2004-20220812-en

asyncrat coreentity discovery rat

windows10-2004-x64

14 signatures

150 seconds

Malware Config

Targets

- Target
  
  3a8c396709d693d9a6056b74722088ceb5881b93765df71f7124b1756bb7e72f
- Size
  
  49.0MB
- MD5
  
  29dbcafd5b93edc917ec738221a4d62d
- SHA1
  
  5ef0337f89afaa36072a5bd9a670fdf7c9b7535a
- SHA256
  
  3a8c396709d693d9a6056b74722088ceb5881b93765df71f7124b1756bb7e72f
- SHA512
  
  800c0efd66509a8fa0816c47f061faf6b01a23b673d98495d2a5412d500feda502f9d7fdfb63a8a05948032fed1b9b63744db9cc0db6c78a1aa97840fca0ed76
- SSDEEP
  
  1572864:lJFzuWZZPyH0G/bJafhqikT1M2cgY/Dx2F91jn:lPrZZPyH0mQgikT11cgY/DxG7
Score

10^/10

asyncrat coreentity discovery rat
- AsyncRat
  AsyncRAT is designed to remotely monitor and control other computers.
  rat asyncrat
- CoreEntity .NET Packer
  A .NET packer called CoreEntity where it has embedded the payload as a BitMap object which is later decrypted.
  coreentity
- Async RAT payload
  rat
- Executes dropped EXE
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Loads dropped DLL
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
  discovery
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

asyncratcoreentitydiscoveryrat

behavioral2

asyncratcoreentitydiscoveryrat

© 2018-2024

Terms | Privacy