asyncrat | c88eb826dc28e918169d7c7ede4095c372174f2dc3348d73d95aff0b63369e1d | Triage

Submit
Reports

Overview

overview

Static

static

dridex

windows10-2004-x64

Sharing

General

Target

c88eb826dc28e918169d7c7ede4095c372174f2dc3348d73d95aff0b63369e1d
Size

195KB
Sample

230121-ryyffseg7y
MD5

53cd41f8b3493008f6b850770282e38f
SHA1

7f9b037b66ae566ea5d7883b7fa80ef7f993c535
SHA256

c88eb826dc28e918169d7c7ede4095c372174f2dc3348d73d95aff0b63369e1d
SHA512

691ad5b0cbb353778ce9ca3677c0496aefbbdc102767e76c5e27d9ff1249dec3b602741d02089fa8a9c458d947dc04c479fb38b8c05496affbd3b3d63a346dd6
SSDEEP

3072:+BN4X3le1lBPYkHLqkOqc2np/5lqOTiB9lpBS+2Dtj/1xxvvNFmMjB:SmM1jHLLfc2nVqvNQDtjtxNVF

Score

10^/10

asyncrat smokeloader default backdoor persistence rat spyware stealer trojan

Static task

static1

Behavioral task

behavioral1

Sample

c88eb826dc28e918169d7c7ede4095c372174f2dc3348d73d95aff0b63369e1d.exe

Resource

win10v2004-20221111-en

asyncrat smokeloader default backdoor persistence rat spyware stealer trojan

windows10-2004-x64

18 signatures

150 seconds

Malware Config

Extracted

Family

asyncrat

Version

1.0.7

Botnet

Default

C2

95.216.52.21:8848

Mutex

ytojilhumccb

Attributes

delay
1
install
false
install_folder
%AppData%

aes.plain

Targets

- Target
  
  c88eb826dc28e918169d7c7ede4095c372174f2dc3348d73d95aff0b63369e1d
- Size
  
  195KB
- MD5
  
  53cd41f8b3493008f6b850770282e38f
- SHA1
  
  7f9b037b66ae566ea5d7883b7fa80ef7f993c535
- SHA256
  
  c88eb826dc28e918169d7c7ede4095c372174f2dc3348d73d95aff0b63369e1d
- SHA512
  
  691ad5b0cbb353778ce9ca3677c0496aefbbdc102767e76c5e27d9ff1249dec3b602741d02089fa8a9c458d947dc04c479fb38b8c05496affbd3b3d63a346dd6
- SSDEEP
  
  3072:+BN4X3le1lBPYkHLqkOqc2np/5lqOTiB9lpBS+2Dtj/1xxvvNFmMjB:SmM1jHLLfc2nVqvNQDtjtxNVF
Score

10^/10

asyncrat smokeloader default backdoor persistence rat spyware stealer trojan
- AsyncRat
  AsyncRAT is designed to remotely monitor and control other computers.
  rat asyncrat
- Detects Smokeloader packer
- SmokeLoader
  Modular backdoor trojan in use since 2014.
  trojan backdoor smokeloader
- Async RAT payload
  rat
- Downloads MZ/PE file
- Executes dropped EXE
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Adds Run key to start application
  persistence
- Legitimate hosting services abused for malware hosting/C2
- Suspicious use of SetThreadContext
behavioral1

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Credentials in Files

Discovery

Query Registry

System Information Discovery

Peripheral Device Discovery

Lateral Movement

Collection

Data from Local System

Exfiltration

Command and Control

Web Service

Impact

Tasks

static1

behavioral1

asyncratsmokeloaderdefaultbackdoorpersistenceratspywarestealertrojan

© 2018-2024

Terms | Privacy