asyncrat | c7d5e45e077163f6e426e01c0d2a5a3a37d1addeb8dd32b09088190f99049fb7 | Triage

Submit
Reports

Overview

overview

Static

static

52bf11364e...41.exe

windows7-x64

52bf11364e...41.exe

windows10-2004-x64

Sharing

General

Target

52bf11364e8430f4b271ebb29e2a55451543338be5b2a34e731ede58eef04241
Size

63KB
Sample

230131-wga12sbd21
MD5

30a41567b09e34ff15e3e388219d8221
SHA1

90db122d8f475562bf3b346d0ce9c04fabd43fae
SHA256

c7d5e45e077163f6e426e01c0d2a5a3a37d1addeb8dd32b09088190f99049fb7
SHA512

e17a5d81ef6915790fb206a50788739797f2a606d81916e3a36d86fa53439683ee3ca69d1ed014f51af54afa2309a799fafbd7fedc61f9e8614061e3efdd6b83
SSDEEP

1536:WbO1/YRYNVRHBS2+hkto2YLEcyKSbXarURxoAGgOQPRjm+:Wb2/Y2NV9Br+0Y4yGvfGgc+

Score

10^/10

asyncrat system guard runtime persistence rat

Static task

static1

Behavioral task

behavioral1

Sample

52bf11364e8430f4b271ebb29e2a55451543338be5b2a34e731ede58eef04241.exe

Resource

win7-20221111-en

asyncrat system guard runtime persistence rat

windows7-x64

8 signatures

150 seconds

Behavioral task

behavioral2

Sample

52bf11364e8430f4b271ebb29e2a55451543338be5b2a34e731ede58eef04241.exe

Resource

win10v2004-20221111-en

asyncrat system guard runtime persistence rat

windows10-2004-x64

8 signatures

150 seconds

Malware Config

Extracted

Family

asyncrat

Version

0.5.7B

Botnet

System Guard Runtime

C2

85.105.88.221:2531

Mutex

System Guard Runtime

Attributes

delay
3
install
false
install_file
System Guard Runtime
install_folder
%AppData%

aes.plain

Targets

- Target
  
  52bf11364e8430f4b271ebb29e2a55451543338be5b2a34e731ede58eef04241
- Size
  
  87KB
- MD5
  
  3c6ccbfe897915f0fe6bc34d193bf4a0
- SHA1
  
  6fe3161ee66e317889066a302474e511220939e7
- SHA256
  
  52bf11364e8430f4b271ebb29e2a55451543338be5b2a34e731ede58eef04241
- SHA512
  
  e0bf1fc11deacb24b5d5de4bcfc522057d1ca1b4866325356b2c9a1f009c6562eee0c0e602478b3639de4beff14997d59a3b428281d9111278544fc5e3199536
- SSDEEP
  
  1536:Fn6gewiUBl7opCAFqRxzWbg5N0ns1decUmnybgR+fPUSphJ7L2Ut:0gewHgCSC0sXmbgR+fPUSphJ7Ll
Score

10^/10

asyncrat system guard runtime persistence rat
- AsyncRat
  AsyncRAT is designed to remotely monitor and control other computers.
  rat asyncrat
- Async RAT payload
  rat
- Adds Run key to start application
  persistence
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Scheduled Task

Persistence

Registry Run Keys / Startup Folder

Scheduled Task

Privilege Escalation

Scheduled Task

Defense Evasion

Modify Registry

Credential Access

Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

asyncratsystem guard runtimepersistencerat

behavioral2

asyncratsystem guard runtimepersistencerat

© 2018-2024

Terms | Privacy