asyncrat | 0e19e57f2395dbc6e7126a1c6a6ba9731f7efce4acfe159427e3d0fb2306b4ff | Triage

Submit
Reports

Overview

overview

Static

static

52bf11364e...41.exe

windows7-x64

52bf11364e...41.exe

windows10-2004-x64

Sharing

General

Target

52bf11364e8430f4b271ebb29e2a55451543338be5b2a34e731ede58eef04241
Size

63KB
Sample

230131-n5vrcshh9t
MD5

ed1ee3d0c76369d33b65f03f3ed3ab8f
SHA1

53e87a7a712ed8b1792235692a41ab97aa21b571
SHA256

0e19e57f2395dbc6e7126a1c6a6ba9731f7efce4acfe159427e3d0fb2306b4ff
SHA512

b805ef0cf42ebb6ebaf7b9bad814dffc8a92766e0b5a6a6a1460e403bf9bb46fbf3c4d097ec442897fd4ec5935cb150191dffd0b201575be824ab19806b100a0
SSDEEP

1536:3bO1/YRYNVRHBS2+hkto2YLEcyKSbXarURxoAGgOQPRjmR:3b2/Y2NV9Br+0Y4yGvfGgcR

Score

10^/10

asyncrat system guard runtime persistence rat

Static task

static1

Behavioral task

behavioral1

Sample

52bf11364e8430f4b271ebb29e2a55451543338be5b2a34e731ede58eef04241.exe

Resource

win7-20221111-en

asyncrat system guard runtime persistence rat

windows7-x64

9 signatures

150 seconds

Behavioral task

behavioral2

Sample

52bf11364e8430f4b271ebb29e2a55451543338be5b2a34e731ede58eef04241.exe

Resource

win10v2004-20220812-en

asyncrat system guard runtime persistence rat

windows10-2004-x64

9 signatures

150 seconds

Malware Config

Extracted

Family

asyncrat

Version

0.5.7B

Botnet

System Guard Runtime

C2

85.105.88.221:2531

Mutex

System Guard Runtime

Attributes

delay
3
install
false
install_file
System Guard Runtime
install_folder
%AppData%

aes.plain

Targets

- Target
  
  52bf11364e8430f4b271ebb29e2a55451543338be5b2a34e731ede58eef04241
- Size
  
  87KB
- MD5
  
  3c6ccbfe897915f0fe6bc34d193bf4a0
- SHA1
  
  6fe3161ee66e317889066a302474e511220939e7
- SHA256
  
  52bf11364e8430f4b271ebb29e2a55451543338be5b2a34e731ede58eef04241
- SHA512
  
  e0bf1fc11deacb24b5d5de4bcfc522057d1ca1b4866325356b2c9a1f009c6562eee0c0e602478b3639de4beff14997d59a3b428281d9111278544fc5e3199536
- SSDEEP
  
  1536:Fn6gewiUBl7opCAFqRxzWbg5N0ns1decUmnybgR+fPUSphJ7L2Ut:0gewHgCSC0sXmbgR+fPUSphJ7Ll
Score

10^/10

asyncrat system guard runtime persistence rat
- AsyncRat
  AsyncRAT is designed to remotely monitor and control other computers.
  rat asyncrat
- Async RAT payload
  rat
- Executes dropped EXE
- Adds Run key to start application
  persistence
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Scheduled Task

Persistence

Registry Run Keys / Startup Folder

Scheduled Task

Privilege Escalation

Scheduled Task

Defense Evasion

Modify Registry

Credential Access

Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

asyncratsystem guard runtimepersistencerat

behavioral2

asyncratsystem guard runtimepersistencerat

© 2018-2024

Terms | Privacy