asyncrat | a135d26f1276f808a6ac98758dcb68c098d525e5bdd26cd3f5c6c92157866a91 | Triage

Sharing

General

Target

797a96f11dbaf5a64bde51be8ae1b0d0.bin
Size

2KB
Sample

230116-zwlmwahd6v
MD5

eff08713ef97128eff7c44459245f9ba
SHA1

f5223e5438651f0d08ab8941a830edbaa4835918
SHA256

a135d26f1276f808a6ac98758dcb68c098d525e5bdd26cd3f5c6c92157866a91
SHA512

7a910f62fe7522c5510bab274fa20ad43c066ab411b483fdb93a612ef7f52bd1883a271115bd81a7f350a7a0d9e9bf5c32fa87dd6b6e2342b766229909b74a02

Score

10^/10

asyncrat defendersmartscren rat

Malware Config

Extracted

Family

asyncrat

Version

0.5.7B

Botnet

DefenderSmartScren

C2

217.64.31.3:8437

Mutex

DefenderSmartScren

Attributes

delay
3
install
false
install_file
SecurityHealtheurvice.exe
install_folder
%AppData%

aes.plain

Targets

- Target
  
  18bd70f00050748d95afc8186bb8d4eca32f6933eb5fed644ed54ff8a01754e9.exe
- Size
  
  5KB
- MD5
  
  797a96f11dbaf5a64bde51be8ae1b0d0
- SHA1
  
  04830604fa3e508ce5c4119831f89e9353d2ae06
- SHA256
  
  18bd70f00050748d95afc8186bb8d4eca32f6933eb5fed644ed54ff8a01754e9
- SHA512
  
  beacc195efa95cc8abc7f007a4dce08af5e7a68d3e76be38c2736b9161af92bdcc43a3497562074e9ff32cc1b759ad3ed99dc17e418a3ff4d8b0fdc4c8d5a617
- SSDEEP
  
  96:s79kkCFmOg55/NjKtu8T/WPSvFd3ojmrl:a9kPFZgPNjK88T/WiFdN
Score

10^/10

asyncrat defendersmartscren rat
- AsyncRat
  AsyncRAT is designed to remotely monitor and control other computers.
  rat asyncrat
- Async RAT payload
  rat
- Blocklisted process makes network request
- Downloads MZ/PE file
- Executes dropped EXE
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

behavioral2

asyncratdefendersmartscrenrat