asyncrat

Sharing

Copy URL

Twitter E-mail

General

Target

AnkaBotPC_4.0.5.rar
Size

167.3MB
Sample

230215-vy77facg6y
MD5

a5dbe858dc9983fed2f8624e77b8a506
SHA1

e36f0c2713e06f39daad111dde9cc5d13d170dc8
SHA256

7ecfcfc4ea9e2c28f52836fb1122bf7327a77308b6bee25226967876d2ae889a
SHA512

6f61549176d28c12dfc515d1cda77c1c7e58ae19ac116ca945be82626c043ee18999011d7b4e744fd480c3330e04a5c7c3ac20400dca250c923856275c638236
SSDEEP

3145728:5azAZvwfcmwvQTRqjvNKOpLIseQ2OxETDSoO6q3WC5zmj1XaCwT4iG:5a6vwzrqNNereoO+mzMXavT+

Score

10^/10

Malware Config

Extracted

Family

asyncrat

Version

Venom RAT + HVNC + Stealer + Grabber v6.0.0

Botnet

Default

141.98.11.72:4449

Mutex

sdtgyxyhor

Attributes

delay
1
install
true
install_file
Ankabotkey.exe
install_folder
%AppData%

aes.plain

Targets

- Target
  
  AnkaBotPC_4.0.5/AnkaBotPC/AnkaBot.exe
- Size
  
  5.2MB
- MD5
  
  3ec5bba148ed1f017a5de13b3064351b
- SHA1
  
  d51752cefc6f97b2048d5c2251cd7bdcdd76b3d8
- SHA256
  
  2b6fb5f33d759fa73e82a010bab5b72be0a4f457df44438f773e22aa15c7e153
- SHA512
  
  322b93f495600ebfaef1bed4e4d53c827cc0c7a57bff7e0836f337f89a23aed3c05e11fcfb89b75d4473ef75af242ca26f92bb063f7286c7c9e08469dee19b43
- SSDEEP
  
  49152:kCFTcDoLTpw84MLRoVpTHOI1TFbH049FV3id9vYI90u/Wjy/zppP1s742SoNj2Pf:PTcDiTp8ML0ROIw+Zj00u/WWzpp18xK
Score

7^/10
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
behavioral1 behavioral2
- Target
  
  AnkaBotPC_4.0.5/AnkaBotPC/AnkaBotCrashHandler.exe
- Size
  
  9KB
- MD5
  
  0ca573f080df991ee4211c6bf8488b13
- SHA1
  
  1f8aed5dd81e54563056c3019c86dfdbce70396a
- SHA256
  
  baea50812fea079339caccfe62c3a84a0faa920780e069029f2e54bede55b313
- SHA512
  
  e3a3cae469f12b245fa65aa8c20d8287726f4599e6cdab38a0d92bdb6716af3af6cb08a58b8297891b63324aa7914ca148d61ac5a41b939e40fe8e9e4bfb7627
- SSDEEP
  
  96:zSa9EZiv4F8Dt+3yKrfGX8iPAkH3WNtW1jYcFKNVcz1W4oKYlLya:zPa0dEVc8iPLH8stYcFwVc03KY
Score

1^/10
behavioral3 behavioral4
- Target
  
  AnkaBotPC_4.0.5/AnkaBotPC/AnkaBotProxy.exe
- Size
  
  5.9MB
- MD5
  
  70a69f99c9fd0ddcfc74dfc5dccaa2ba
- SHA1
  
  cd6429990749e475b171a3c60250764df4e3fdf0
- SHA256
  
  b3c9d86cbddc3080a47566c69ed251ea712c59e283c85995682ce18d50c06fbf
- SHA512
  
  8e7624a6c12aac2afe1a8886f85fd3292325ac2ff69f8f7c7fe3d54289b5d18ec3bfce7757dde7c4c6e3606cee81122c50cbb732a1ae297d64fd9649fef098b1
- SSDEEP
  
  98304:JrAgtjk3C6yCdkAPCFYehLzXFy40lT7Za3G89oovR4RB/+/vjPI6OCgNJPVvurLF:JkMAPC1F6ZkvHiH+/vzVOCg7VvaLF
Score

5^/10
- Suspicious use of NtSetInformationThreadHideFromDebugger
behavioral5 behavioral6
- Target
  
  AnkaBotPC_4.0.5/AnkaBotPC/AnkaBotUpdater.exe
- Size
  
  357KB
- MD5
  
  609b9e406a23827e759eebb8d104e9e0
- SHA1
  
  e3b99c9d95f50001686cfdb9bcd61e59be35f26a
- SHA256
  
  4e67ec2bbc54a15d3da635e47f953f4015c331baaba37ec92d325a2d18f559eb
- SHA512
  
  b73ef8ac14567870d6d5282fce55d203b2643893431af5a12bdaf0f2ace1a88587914543bd8874eea04ece188a5c8e0be5c33f27c278680ac59b19a3d98c67f0
- SSDEEP
  
  3072:EbOSMQiYwmlmfuRI8NiOe4sC5hp16ecGNmqBGl5v9Av9/QiYwmlmfxRI8NiOe4sd:ug+sOV7F4WIHut+hOV7G4hwFq
Score

1^/10
behavioral7 behavioral8
- Target
  
  AnkaBotPC_4.0.5/AnkaBotPC/Application/Application.exe
- Size
  
  117.7MB
- MD5
  
  6992783cbf3e0fd73125dc914f75995b
- SHA1
  
  070a2d9b2bc21d211e57b4cbe974227aaa25c502
- SHA256
  
  1ed51d74a767ef74d7f4ee791ab0cbc5934fbe44e29e0bce16fa2475366194fb
- SHA512
  
  4d46570d838d5325bead5b8471b462e3c3c1905606b626f629b783fc4e3ca249e14fc5473473e1f5ac710bc6d067b3f6d9d4e39819c0bde9273b92e1147bf80d
- SSDEEP
  
  1572864:2qkzM44nKULV6HvwkHGZVFb729C/qADtB9yvdRJ1slE0Y3oHg8B+U7Hxwr0F2tEm:zTnE9aPorLM9faLTKe6iS+
Score

1^/10
behavioral10 behavioral9
- Target
  
  AnkaBotPC_4.0.5/AnkaBotPC/Application/LICENSES.chromium.html
- Size
  
  5.2MB
- MD5
  
  4247afa6679602da138e41886bcf27da
- SHA1
  
  3bb8c83dc9d5592119675e67595b294211ddbf6e
- SHA256
  
  bf59a74b4404aa0c893ca8bbe636498629b6a3acdff4acb84de692462fd626e4
- SHA512
  
  ad3103f7fd32f0ec652bc7fcb8c303796367292a366037acad8e1312775cdd92c2f36ed8c34a809251ad044508e1e7579b79847de61025baf8bda5ad578a0330
- SSDEEP
  
  12288:/7etnqnVnMnBnunQ9RBvjYJEi400/Q599b769B9UOE6MwMGucMEbHDuX0YnpWQZG:sPMM5FaWStHvmUKItmfDTeHiVQZp4
Score

1^/10
behavioral11 behavioral12
- Target
  
  AnkaBotPC_4.0.5/AnkaBotPC/Application/d3dcompiler_47.dll
- Size
  
  3.5MB
- MD5
  
  2f2e363c9a9baa0a9626db374cc4e8a4
- SHA1
  
  17f405e81e5fce4c5a02ca049f7bd48b31674c8f
- SHA256
  
  2630f4188bd2ea5451ca61d83869bf7068a4f0440401c949a9feb9fb476e15df
- SHA512
  
  e668a5d1f5e6f821ebfa0913e201f0dfd8da2f96605701f8db18d14ea4fdeac73aeb9b4fe1f22eaeffcdd1c0f73a6701763727d5b09775666f82b678404e4924
- SSDEEP
  
  49152:sXMoHAsisjBFjJMLhHELxJm8ZU8W/GBj5Z535TMpinAizxkl/cD11bqCG7jHbOkD:srZOb8W/G5hnAizxz7NZy9AG
Score

3^/10
behavioral13 behavioral14
- Target
  
  AnkaBotPC_4.0.5/AnkaBotPC/Application/ffmpeg.dll
- Size
  
  2.5MB
- MD5
  
  babfa74f1b84de37e21cd6c307262c26
- SHA1
  
  382836b8612bab5f2ec2f35c266a3ff8ca422262
- SHA256
  
  eea4daf094e80e150ee491913c560745d1600823e94ff5c436c60d9922c89594
- SHA512
  
  ec315ec0343d094e6152a96529813bc929e27dfc77ade467d4cdb07f848f2d1ff3bef11eb6374991c77f13f5ac2da44a5a250678da5a40a749d972701d7a8851
- SSDEEP
  
  49152:YtGX4mOrucp9DHNj8CvJhAbEfvWyZOjpJ:qGobp9DHNVvJhAAfCdJ
Score

1^/10
behavioral15 behavioral16
- Target
  
  AnkaBotPC_4.0.5/AnkaBotPC/Application/libEGL.dll
- Size
  
  349KB
- MD5
  
  8f175c85cd7a0d670855d118a8008e2e
- SHA1
  
  e645802fe45b27e8b6ac244d143bc39e17342bd1
- SHA256
  
  9ef06071c0deb115c7b433496b1ffda1c603b502298e4ce714818c67866c6e78
- SHA512
  
  152fec689f4d886eaed52202213250516c99ddc8019aea1106a2aca4eba6a51f3f9bad8e98bb65bb9293105b10ff5882fa79861ba6b8b4eb6922678c463471f5
- SSDEEP
  
  6144:fEYlqgyp/a1fn9F3bsyy/0oTv1eqMuQ/4RQpV5+eMHm+Kii:fEYlryp/M3bsyyb7SuQ/WQJhb
Score

1^/10
behavioral17 behavioral18
- Target
  
  AnkaBotPC_4.0.5/AnkaBotPC/Application/libGLESv2.dll
- Size
  
  6.6MB
- MD5
  
  60653437bea3c98c6e3e78c1fdab2fac
- SHA1
  
  2f1aac723a6ea62edc4cd6aded4d7e83b9fd2956
- SHA256
  
  998dd8be2fa3a0b2952bedcd175649531a3820b625ee199e15b1bfd8e7991610
- SHA512
  
  0e0d3d6c9c331db0f8e664cc90182192266f654ef91b12027cbe6de9141d2306c4f9e01b4d28b99234b4a12b1f45c715852d952bde118708f8b0f0ab619aff08
- SSDEEP
  
  98304:rLhRfgQ8SnTzV0q5I4AYYIL9INmTfxBQx9lFpswnY4XBBrgodO54:rFRCSqxziL9PT5BQx8wYcgoY5
Score

3^/10
behavioral19 behavioral20
- Target
  
  AnkaBotPC_4.0.5/AnkaBotPC/Application/swiftshader/libEGL.dll
- Size
  
  364KB
- MD5
  
  62e089dae9086a3b14f230b2fffd702f
- SHA1
  
  c8baf039890b309be0d66ca1e661a4681e47ddd3
- SHA256
  
  31c34e3bb5b57101ecc83c6ad153e811ad4e6d18f64c6bc5f9ea15263a550ac2
- SHA512
  
  644428b1c51e3ec8263e938abbab820e36af2eb8618c924037ac1a67bae394c54603f8f981bf7853679213837ead16f8d41dcbcf0da25a5ab0bc87fdad92448a
- SSDEEP
  
  6144:B4vgaNrFwjONtiVw4LVxz3jbIHupKDdheV+FE+liWSsI4:B4vgcrWONtiVxQupKJhj
Score

1^/10
behavioral21 behavioral22
- Target
  
  AnkaBotPC_4.0.5/AnkaBotPC/Application/swiftshader/libGLESv2.dll
- Size
  
  2.7MB
- MD5
  
  3f0789eb2eb23dad2ff6436ccf9da71d
- SHA1
  
  aa268566e1b22d28c0eefdafd23b8a6ed60a987e
- SHA256
  
  36354f44fb58d3360d008172846610e7af680d9688946b5df206514fddd94e42
- SHA512
  
  0dd8704f121e78cc974a80707d911b07a8d1f82d0543b60306e1394bf47a51a7010fb828ee61cf169dffc915a6e23671938bb618a2daf93a41c4609d00fd4cf1
- SSDEEP
  
  49152:ZLhTCDM0nHASAZNT0fIHmM6Scy2kZsOD9h0tdTXustbXc+Z6DSrQ9dF+N3WVDLvS:XTCDMV+gX3/Z1JSb
Score

1^/10
behavioral23 behavioral24
- Target
  
  AnkaBotPC_4.0.5/AnkaBotPC/Application/vk_swiftshader.dll
- Size
  
  3.8MB
- MD5
  
  81397b536d1d5ff570cdb4d87993ebf0
- SHA1
  
  b15d68cfaca9f54fb6599d1b605ead86b56b08f8
- SHA256
  
  a624e33f723db0c4aabcfa4344318d90615ae273f420a6a81ce101e8ae57fd20
- SHA512
  
  0c236b1b05c9739a367e8bbdf813b8ad6773c848ee3e89c4e2bbb3572c24e1950a8e111d051baac9fe4f344bd50ff5c2a890a33de70f805b9eca18bc378f3073
- SSDEEP
  
  49152:fOzU7TubRexXiL+i34UD80vXI6sZLAt6NC5UpHWkmYIYqu3Zq9kbHWicFSBqCzLY:fAUUKivD8Ep894oS1GrBD3M
Score

3^/10
behavioral25 behavioral26
- Target
  
  AnkaBotPC_4.0.5/AnkaBotPC/Application/vulkan-1.dll
- Size
  
  625KB
- MD5
  
  b8d0b24728bedf214c03c7fa3c965288
- SHA1
  
  0adc498ef988e8b6c4e73d73ea598f6bdde312cb
- SHA256
  
  dffe70c5680fb5774a95c66d573783d71db1702a77ca70a492422f9044a70bbe
- SHA512
  
  0bc9bb7385fb6d0993fb0b5800b3f3fdbeb6ff464b95b67a79d8054787368837202f280151bd4a16eaabccca94366b76d17f3f929458dca69f4a5da79f06df5f
- SSDEEP
  
  12288:EaVMRz3jmXRLQ1RtGt5Rp9CR3mv7v2QUsKrSuKMeEut6Bhnj:rVgzzmmm7v31QEah
Score

3^/10
behavioral27 behavioral28
- Target
  
  AnkaBotPC_4.0.5/AnkaBotPC/Bypass.bat
- Size
  
  66KB
- MD5
  
  ed8ed2bfb05f2f2a5496c4d32095c34b
- SHA1
  
  57002f5bf97a9ddf1aafd909dcc676e60343d322
- SHA256
  
  8cabd58822919c0a30ddc7a507e4a55a5d314ec466224791d7814711cf373f6c
- SHA512
  
  e55c939802586f0b1525dc6e6c8964c37edec8c35b0bfcbd08998807d2c6a4a0d05db6100fc6312be983c585b2270e39d113e7a72a13a8403588a64710be39d1
- SSDEEP
  
  1536:ToUWMO7oo0sS7UAkj9O8QQHFdCxlTk/sbbXApJZLTD9VclN:TJof9O8QQHFPsbbXI7PY
Score

10^/10

asyncrat default rat
- AsyncRat
  AsyncRAT is designed to remotely monitor and control other computers.
  rat asyncrat
- Async RAT payload
  rat
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
behavioral29 behavioral30
- Target
  
  AnkaBotPC_4.0.5/AnkaBotPC/MoonSharp.Interpreter.dll
- Size
  
  358KB
- MD5
  
  699cc514aaf6f46a51f4ed2511274d8e
- SHA1
  
  7e83cc467941d335c9b19ddcc28ae7319f5e3928
- SHA256
  
  1db76110f21698639f55d28e21bddb536c0c497ceb741dee49fedcca9bcd1588
- SHA512
  
  bd0b5545065585fa7215fe25627ad10f94dc8b124ee5a9c278478a03e45ea24a730ecf6b0ffff96fb59e81f900a05c3d22ef2a34a1586bb4a121344fda11a8b1
- SSDEEP
  
  6144:QUJj6CVrONhcwlfwBCX5yJq61H901drh/IqqwAt:ZJjdrkqBCpk1C/r9tqw
Score

1^/10
behavioral31 behavioral32

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Scheduled Task

T1053

Persistence

Scheduled Task

T1053

Privilege Escalation

Scheduled Task

T1053

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

Sharing

General

Malware Config

Extracted

Targets

Checks computer location settings

Suspicious use of NtSetInformationThreadHideFromDebugger

Async RAT payload

Checks computer location settings

Executes dropped EXE

MITRE ATT&CK Matrix ATT&CK v6

Tasks

static1

behavioral1

behavioral2

behavioral3

behavioral4

behavioral5

behavioral6

behavioral7

behavioral8

behavioral9

behavioral10

behavioral11

behavioral12

behavioral13

behavioral14

behavioral15

behavioral16

behavioral17

behavioral18

behavioral19

behavioral20

behavioral21

behavioral22

behavioral23

behavioral24

behavioral25

behavioral26

behavioral27

behavioral28

behavioral29

behavioral30

behavioral31

behavioral32