asyncrat | 6ea95e85a279f9f842504b80c85ec920aeaefab99ebc377709a1f4317929ccef | Triage

Submit
Reports

Overview

overview

Static

static

file.exe

windows7-x64

file.exe

windows10-2004-x64

Sharing

General

Target

file.exe
Size

45KB
Sample

230120-q7jszsga3t
MD5

c19b1914fdfb5f4dc77afef42e967909
SHA1

49436764140a7bfcd332bc91ca141706d0519a88
SHA256

6ea95e85a279f9f842504b80c85ec920aeaefab99ebc377709a1f4317929ccef
SHA512

8c26d71bd1c3b991446b7b7d1ec7ca995aeaf1c5a4e49af4f8b2c9b0cbe8f37f1b97b517899ab530d64a2a0111aafa12c631904c958ebc688fa2bcee0b8078e3
SSDEEP

768:Zu1a71T3EiJfWUzuydmo2qzDKjGKG6PIyzjbFgX3i3w0HpLofac5BDZgjS:Zu1a71T3xN2SKYDy3bCXS3/HpUagdiS

Score

10^/10

asyncrat default rat

Static task

static1

rat default asyncrat

2 signatures

Behavioral task

behavioral1

Sample

file.exe

Resource

win7-20220812-en

asyncrat default rat

windows7-x64

11 signatures

150 seconds

Behavioral task

behavioral2

Sample

file.exe

Resource

win10v2004-20220901-en

asyncrat default rat

windows10-2004-x64

11 signatures

150 seconds

Malware Config

Extracted

Family

asyncrat

Version

0.5.7B

Botnet

Default

Mutex

TestM6SI8Ok23k

Attributes

delay
3
install
true
install_file
Nvidia.exe
install_folder
%AppData%
pastebin_config
https://pastebin.com/raw/WxVJqvSS

aes.plain

Targets

- Target
  
  file.exe
- Size
  
  45KB
- MD5
  
  c19b1914fdfb5f4dc77afef42e967909
- SHA1
  
  49436764140a7bfcd332bc91ca141706d0519a88
- SHA256
  
  6ea95e85a279f9f842504b80c85ec920aeaefab99ebc377709a1f4317929ccef
- SHA512
  
  8c26d71bd1c3b991446b7b7d1ec7ca995aeaf1c5a4e49af4f8b2c9b0cbe8f37f1b97b517899ab530d64a2a0111aafa12c631904c958ebc688fa2bcee0b8078e3
- SSDEEP
  
  768:Zu1a71T3EiJfWUzuydmo2qzDKjGKG6PIyzjbFgX3i3w0HpLofac5BDZgjS:Zu1a71T3xN2SKYDy3bCXS3/HpUagdiS
Score

10^/10

asyncrat default rat
- AsyncRat
  AsyncRAT is designed to remotely monitor and control other computers.
  rat asyncrat
- Async RAT payload
  rat
- Executes dropped EXE
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Loads dropped DLL
- Legitimate hosting services abused for malware hosting/C2
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Scheduled Task

Persistence

Scheduled Task

Privilege Escalation

Scheduled Task

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Web Service

Impact

Tasks

static1

ratdefaultasyncrat

behavioral1

asyncratdefaultrat

behavioral2

asyncratdefaultrat

© 2018-2024

Terms | Privacy