asyncrat | c4faab169180f07a3621c37d42aa79d04825b2a2ecc2ba01b3db7d1a8950c8b6 | Triage

Submit
Reports

Overview

overview

Static

static

1

Invoice due.one.exe

windows10-1703-x64

Invoice due.one.exe

windows7-x64

7

Invoice due.one.exe

windows10-2004-x64

Sharing

General

Target

Invoice due.one.exe
Size

153KB
Sample

230209-sc1t5agf3s
MD5

6de66d63e7e9a414313c0237cbe97e78
SHA1

464b5449e668281565e3378c72063431be99c15f
SHA256

c4faab169180f07a3621c37d42aa79d04825b2a2ecc2ba01b3db7d1a8950c8b6
SHA512

cc2ecad9bcee75e79c812564afadee4bfe3445b72818d13ff92b732326e222699b3d803728742a0ddc64adc7405eae3d365abb6371f62a921589ab82075930c0
SSDEEP

3072:f0FHdppuOf+wMSHjnywM0vY9t8Qkh+n8KMmkYX3HB8ox1wm/:cFPMOf+wMAywM0EJksnJvNHh8Sn/

Score

10^/10

asyncrat default persistence rat

Static task

static1

Behavioral task

behavioral1

Sample

Invoice due.one.exe

Resource

win10-20220812-en

asyncrat default rat

windows10-1703-x64

8 signatures

1200 seconds

Behavioral task

behavioral2

Sample

Invoice due.one.exe

Resource

win7-20221111-en

windows7-x64

6 signatures

1200 seconds

Behavioral task

behavioral3

Sample

Invoice due.one.exe

Resource

win10v2004-20220901-en

asyncrat persistence rat

windows10-2004-x64

18 signatures

1200 seconds

Malware Config

Extracted

Family

asyncrat

Version

0.5.7B

Botnet

Default

C2

mulla1.mywire.org:6606

mulla1.mywire.org:7707

mulla1.mywire.org:8808

mulla2022.hopto.org:6606

mulla2022.hopto.org:7707

mulla2022.hopto.org:8808

mulla2.mywire.org:6606

mulla2.mywire.org:7707

mulla2.mywire.org:8808

Mutex

Gallery

Attributes

delay
3
install
false
install_folder
%AppData%

aes.plain

Targets

- Target
  
  Invoice due.one.exe
- Size
  
  153KB
- MD5
  
  6de66d63e7e9a414313c0237cbe97e78
- SHA1
  
  464b5449e668281565e3378c72063431be99c15f
- SHA256
  
  c4faab169180f07a3621c37d42aa79d04825b2a2ecc2ba01b3db7d1a8950c8b6
- SHA512
  
  cc2ecad9bcee75e79c812564afadee4bfe3445b72818d13ff92b732326e222699b3d803728742a0ddc64adc7405eae3d365abb6371f62a921589ab82075930c0
- SSDEEP
  
  3072:f0FHdppuOf+wMSHjnywM0vY9t8Qkh+n8KMmkYX3HB8ox1wm/:cFPMOf+wMAywM0EJksnJvNHh8Sn/
Score

10^/10

asyncrat default rat persistence
- AsyncRat
  AsyncRAT is designed to remotely monitor and control other computers.
  rat asyncrat
- Async RAT payload
  rat
- Modifies Installed Components in the registry
  persistence
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Loads dropped DLL
- Enumerates connected drives
  Attempts to read the root path of hard drives other than the default C: drive.
- Suspicious use of SetThreadContext
behavioral1 behavioral2 behavioral3

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

Hidden Files and Directories

Privilege Escalation

Defense Evasion

Modify Registry

Hidden Files and Directories

Credential Access

Discovery

Query Registry

System Information Discovery

Peripheral Device Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

asyncratdefaultrat

behavioral2

behavioral3

asyncratpersistencerat

© 2018-2024

Terms | Privacy