asyncrat | 3033956fcd540bc6d9f64fe4bce35b626deb627f7cc8394c19d1e3c07485ef61 | Triage

Submit
Reports

Overview

overview

Static

static

corrected ...ent.js

windows7-x64

corrected ...ent.js

windows10-2004-x64

Sharing

General

Target

corrected the terms of payment.js
Size

226KB
Sample

230201-kcemwsed51
MD5

280e79b75c74e2449baf87a246927342
SHA1

5b5376e5c25f25d65ba2717908ca0f559a0f0446
SHA256

3033956fcd540bc6d9f64fe4bce35b626deb627f7cc8394c19d1e3c07485ef61
SHA512

a6eecca1695fd32ba91c58b028342d96731bb3e8f7641fba00cdceebdedd32e95555eda6cbc29711c5dcd437763129e080666bb037141356e162da5391a49061
SSDEEP

6144:dKWuABY4W3vLv93KN4bwG0CehURoxNRHyM3:dKlIYu4UG7axWM3

Score

10^/10

asyncrat default persistence rat upx

Static task

static1

Behavioral task

behavioral1

Sample

corrected the terms of payment.js

Resource

win7-20220812-en

asyncrat default persistence rat upx

windows7-x64

10 signatures

150 seconds

Behavioral task

behavioral2

Sample

corrected the terms of payment.js

Resource

win10v2004-20221111-en

asyncrat persistence rat upx

windows10-2004-x64

10 signatures

150 seconds

Malware Config

Extracted

Family

asyncrat

Version

0.5.7B

Botnet

Default

C2

87.237.165.133:6161

Mutex

AsyncMutex_6SI8OkPnk

Attributes

delay
3
install
false
install_folder
%AppData%

aes.plain

Targets

- Target
  
  corrected the terms of payment.js
- Size
  
  226KB
- MD5
  
  280e79b75c74e2449baf87a246927342
- SHA1
  
  5b5376e5c25f25d65ba2717908ca0f559a0f0446
- SHA256
  
  3033956fcd540bc6d9f64fe4bce35b626deb627f7cc8394c19d1e3c07485ef61
- SHA512
  
  a6eecca1695fd32ba91c58b028342d96731bb3e8f7641fba00cdceebdedd32e95555eda6cbc29711c5dcd437763129e080666bb037141356e162da5391a49061
- SSDEEP
  
  6144:dKWuABY4W3vLv93KN4bwG0CehURoxNRHyM3:dKlIYu4UG7axWM3
Score

10^/10

asyncrat default persistence rat upx
- AsyncRat
  AsyncRAT is designed to remotely monitor and control other computers.
  rat asyncrat
- Async RAT payload
  rat
- Executes dropped EXE
- UPX packed file
  Detects executables packed with UPX/modified UPX open source packer.
  upx
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Loads dropped DLL
- Adds Run key to start application
  persistence
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

asyncratdefaultpersistenceratupx

behavioral2

asyncratpersistenceratupx

© 2018-2024

Terms | Privacy