asyncrat | 1501ed409db46bc33f3f4a13c9d2150308597fb91cff20e04c9df0d5f3dec37d | Triage

Sharing

General

Target

1501ed409db46bc33f3f4a13c9d2150308597fb91cff20e04c9df0d5f3dec37d
Size

172KB
Sample

230131-wat6cabc7x
MD5

6f97a3f9d8c88ac5ba01fccf033a66aa
SHA1

5152b20ec9d63e9decb5a17ae652ebd105ce0a24
SHA256

1501ed409db46bc33f3f4a13c9d2150308597fb91cff20e04c9df0d5f3dec37d
SHA512

a6c3afda108f973a0a4d424db289726c5ee0a46c88030e9354ffa639e81e03a6c4209dbfef4d0c384e919a7a904d4c15feef8e33057017f6a62843362640bdcb
SSDEEP

1536:pc9URWzKr7PhuuUpV7+5JTiy95UuUCQahsf5mZIWiwwr7QXsouW2ASDDA6rRcC+R:ppWaxa7Dy956S2j4xnsvXtPdSae1

Score

10^/10

asyncrat purecrypter downloader loader persistence rat spyware

Malware Config

Extracted

Family

purecrypter

C2

http://163.123.142.210/Twpowpijhqf.dat

Extracted

Language

ps1

Deobfuscated

URLs

exe.dropper

http://185.106.94.146/filezilla.bat

Targets

- Target
  
  1501ed409db46bc33f3f4a13c9d2150308597fb91cff20e04c9df0d5f3dec37d
- Size
  
  172KB
- MD5
  
  6f97a3f9d8c88ac5ba01fccf033a66aa
- SHA1
  
  5152b20ec9d63e9decb5a17ae652ebd105ce0a24
- SHA256
  
  1501ed409db46bc33f3f4a13c9d2150308597fb91cff20e04c9df0d5f3dec37d
- SHA512
  
  a6c3afda108f973a0a4d424db289726c5ee0a46c88030e9354ffa639e81e03a6c4209dbfef4d0c384e919a7a904d4c15feef8e33057017f6a62843362640bdcb
- SSDEEP
  
  1536:pc9URWzKr7PhuuUpV7+5JTiy95UuUCQahsf5mZIWiwwr7QXsouW2ASDDA6rRcC+R:ppWaxa7Dy956S2j4xnsvXtPdSae1
Score

10^/10

asyncrat purecrypter downloader loader persistence rat spyware
- AsyncRat
  AsyncRAT is designed to remotely monitor and control other computers.
  rat asyncrat
- PureCrypter
  PureCrypter is a .NET malware loader first seen in early 2021.
  loader downloader purecrypter
- Blocklisted process makes network request
- Executes dropped EXE
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Accesses cryptocurrency files/wallets, possible credential harvesting
  spyware
- Adds Run key to start application
  persistence
- Suspicious use of SetThreadContext
behavioral1

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

Hidden Files and Directories

Privilege Escalation

Defense Evasion

Modify Registry

Hidden Files and Directories

Credential Access

Credentials in Files

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Data from Local System

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

asyncratpurecrypterdownloaderloaderpersistenceratspyware