asyncrat

Sharing

General

Target

9c51eafc9db8f747cccf726178f3b1a239c73ecc70b224aedb5566f04cdb8689
Size

534KB
Sample

230119-hw4d9afc76
MD5

35de48ace22edbbb236c3d717efc7f97
SHA1

a5da09f406ffcaf55bc3edfcfb3aedd84c850450
SHA256

9c51eafc9db8f747cccf726178f3b1a239c73ecc70b224aedb5566f04cdb8689
SHA512

75e0ba081355634d6996af9eae2bdfd161d9fe6cfee25967d09fa148c2122d924c2206d72b76a503dcba2e1cbc42f878610e5164817b6d9c95c683c7252f0c19
SSDEEP

12288:8E1+CGi5U3xqGl2qvxuWKanVVcxxovK/wZ/o+1nF3QAPn/zFAps:d1+CJ5p5qAEVV4mvKqw+H3b/y

Score

10^/10

Malware Config

Extracted

Family

asyncrat

Version

0.5.7B

Botnet

System Guard Runtime

85.105.88.221:2531

Mutex

System Guard Runtime

Attributes

delay
3
install
false
install_file
System Guard Runtime
install_folder
%AppData%

aes.plain

Extracted

Family

asyncrat

Version

0.5.7B

Botnet

WHostProjess

95.70.151.185:8805

Mutex

WHostProjess

Attributes

delay
3
install
false
install_file
WHostProjess
install_folder
%AppData%

aes.plain

Extracted

Family

asyncrat

Version

0.5.7B

Botnet

DefenderSmartScren

217.64.31.3:8437

Mutex

DefenderSmartScren

Attributes

delay
3
install
false
install_file
SecurityHealtheurvice.exe
install_folder
%AppData%

aes.plain

Extracted

Family

asyncrat

Version

1.0.7

Botnet

WindowsDefenderSmarttScreen

217.64.31.3:9742

Mutex

WindowsDefenderSmarttScreen

Attributes

delay
1
install
false
install_file
WindowsDefenderSmarttScreen.exe
install_folder
%AppData%

aes.plain

Extracted

Family

asyncrat

Version

0.5.7B

Botnet

UWUISCOMIC

20.100.196.69:9281

Mutex

UWUISCOMIC

Attributes

delay
3
install
false
install_file
DerenderScuriry
install_folder
%AppData%

aes.plain

Extracted

Family

redline

Botnet

Muckk

3.66.213.216:60782

Targets

- Target
  
  9c51eafc9db8f747cccf726178f3b1a239c73ecc70b224aedb5566f04cdb8689
- Size
  
  534KB
- MD5
  
  35de48ace22edbbb236c3d717efc7f97
- SHA1
  
  a5da09f406ffcaf55bc3edfcfb3aedd84c850450
- SHA256
  
  9c51eafc9db8f747cccf726178f3b1a239c73ecc70b224aedb5566f04cdb8689
- SHA512
  
  75e0ba081355634d6996af9eae2bdfd161d9fe6cfee25967d09fa148c2122d924c2206d72b76a503dcba2e1cbc42f878610e5164817b6d9c95c683c7252f0c19
- SSDEEP
  
  12288:8E1+CGi5U3xqGl2qvxuWKanVVcxxovK/wZ/o+1nF3QAPn/zFAps:d1+CJ5p5qAEVV4mvKqw+H3b/y
Score

10^/10

asyncrat redline defendersmartscren muckk system guard runtime uwuiscomic whostprojess windowsdefendersmarttscreen infostealer persistence rat upx
- AsyncRat
  AsyncRAT is designed to remotely monitor and control other computers.
  rat asyncrat
- RedLine
  RedLine Stealer is a malware family written in C#, first appearing in early 2020.
  infostealer redline
- RedLine payload
- Async RAT payload
  rat
- Blocklisted process makes network request
- Downloads MZ/PE file
- Executes dropped EXE
- UPX packed file
  Detects executables packed with UPX/modified UPX open source packer.
  upx
- Adds Run key to start application
  persistence
- Suspicious use of SetThreadContext
behavioral1