asyncrat | 1fa54f334b675dc96a15b9a4187a0d01c3685665217c372aa29a222a2b132c63 | Triage

Sharing

General

Target

1fa54f334b675dc96a15b9a4187a0d01c3685665217c372aa29a222a2b132c63
Size

5KB
Sample

230101-hzzkgabc74
MD5

23764ce49736891acd2e4288bd486da2
SHA1

c7cfcebf6c5644e9e7e4e6076ca58789e2370be7
SHA256

1fa54f334b675dc96a15b9a4187a0d01c3685665217c372aa29a222a2b132c63
SHA512

fd800de3f209f542912852239e79f18e259a5a8fd5934a7237b0f304b0a7aacaced9e9cc21612facb469c37964103cb44e4df3929c47f286faf07f773ef0e38c
SSDEEP

96:1y/4n79VFkCFp1DNUCMgs7tA8Y/y/SvFd3oj2rl:N79VFPFppNXMgSy8Y/yyFd5

Score

10^/10

asyncrat defendersmartscren rat

Malware Config

Extracted

Family

asyncrat

Version

0.5.7B

Botnet

DefenderSmartScren

C2

217.64.31.3:8437

Mutex

DefenderSmartScren

Attributes

delay
3
install
false
install_file
SecurityHealtheurvice.exe
install_folder
%AppData%

aes.plain

Targets

- Target
  
  1fa54f334b675dc96a15b9a4187a0d01c3685665217c372aa29a222a2b132c63
- Size
  
  5KB
- MD5
  
  23764ce49736891acd2e4288bd486da2
- SHA1
  
  c7cfcebf6c5644e9e7e4e6076ca58789e2370be7
- SHA256
  
  1fa54f334b675dc96a15b9a4187a0d01c3685665217c372aa29a222a2b132c63
- SHA512
  
  fd800de3f209f542912852239e79f18e259a5a8fd5934a7237b0f304b0a7aacaced9e9cc21612facb469c37964103cb44e4df3929c47f286faf07f773ef0e38c
- SSDEEP
  
  96:1y/4n79VFkCFp1DNUCMgs7tA8Y/y/SvFd3oj2rl:N79VFPFppNXMgSy8Y/yyFd5
Score

10^/10

asyncrat defendersmartscren rat
- AsyncRat
  AsyncRAT is designed to remotely monitor and control other computers.
  rat asyncrat
- Async RAT payload
  rat
- Blocklisted process makes network request
- Downloads MZ/PE file
- Executes dropped EXE
- Suspicious use of SetThreadContext
behavioral1

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

asyncratdefendersmartscrenrat