asyncrat | c818d064222c52c7d72aa37bb30c1b8cf98920ff42fc8eb2d41e049410f937f9 | Triage

Submit
Reports

Overview

overview

Static

static

7

Hidden Mal...V5.exe

windows7-x64

9

Hidden Mal...V5.exe

windows10-2004-x64

Sharing

General

Target

Hidden Malware Builder V5.0.rar
Size

5.4MB
Sample

230313-x4dacsbg36
MD5

4adccdbb8cd95b2ee8da5c91d109286b
SHA1

eb1c18b78a7fe31a112bd39bc970d1a7f4c1e12c
SHA256

c818d064222c52c7d72aa37bb30c1b8cf98920ff42fc8eb2d41e049410f937f9
SHA512

7950a015df057c20759450fac795406d4387e39653af8f9a9dc220933cb5a2a16599e7db14738b8908cae7f876c6c240003c5f36b454dafca0e0b0786eafac8c
SSDEEP

98304:0BtDfH+L8UYu+C1iV/u/zX4ZVKiIEwoIaUcenym+F0nFjgUedZLIdDnnnVzF2Q6l:es8bulwVmUDpIboIjn918UksdLn9FWX1

Score

10^/10

asyncrat evasion rat themida trojan

Static task

static1

1 signatures

Behavioral task

behavioral1

Sample

Hidden Malware Builder V5.0/H-Malware Builder V5.exe

Resource

win7-20230220-en

evasion themida trojan

windows7-x64

9 signatures

150 seconds

Behavioral task

behavioral2

Sample

Hidden Malware Builder V5.0/H-Malware Builder V5.exe

Resource

win10v2004-20230221-en

asyncrat evasion rat themida trojan

windows10-2004-x64

17 signatures

150 seconds

Malware Config

Extracted

Family

asyncrat

Version

| Edit 3LOSH RAT

Mutex

AsyncMutex_7SI8OkPnk

Attributes

delay
3
install
true
install_file
ContainerRuntime.exe
install_folder
%AppData%
pastebin_config
https://pastebin.com/raw/Kb8rTgY7

aes.plain

Targets

- Target
  
  Hidden Malware Builder V5.0/H-Malware Builder V5.exe
- Size
  
  3.6MB
- MD5
  
  57376dc58b364f2282afbbddcb8dd192
- SHA1
  
  e028e7293e55ea12dad74b7d42c687a9f450afeb
- SHA256
  
  76ec12ac2cbab7a0bea9b656afbc469c53a6948a18c783a5d99a92263274ff70
- SHA512
  
  ca06edcfff15a2b45a2c8d5bf5b76d38ff727e5cea34783c2ec4c1988f6b0c7dd492d9bbb6a5f1cf15fdd9120c72a66c1b34b8b6a3efba8066aec4f7a45a39c0
- SSDEEP
  
  49152:bhRhbyC5mXd6cy0uc4SgcsEEcv02+sazXIOUDa+mC5R6QsKsi3tX/aguTvCBCuir:pTXVhc50vsqALt50QsK5uyi4/g
Score

10^/10

evasion themida trojan asyncrat rat
- AsyncRat
  AsyncRAT is designed to remotely monitor and control other computers written in C#.
  rat asyncrat
- Async RAT payload
  rat
- Identifies VirtualBox via ACPI registry values (likely anti-VM)
  evasion
- Checks BIOS information in registry
  BIOS information is often read in order to detect sandboxing environments.
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Themida packer
  Detects Themida, an advanced Windows software protection system.
  themida
- Checks whether UAC is enabled
  evasion trojan
- Legitimate hosting services abused for malware hosting/C2
- Suspicious use of NtSetInformationThreadHideFromDebugger
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Scheduled Task

Persistence

Scheduled Task

Privilege Escalation

Scheduled Task

Defense Evasion

Virtualization/Sandbox Evasion

Modify Registry

Credential Access

Discovery

Query Registry

Virtualization/Sandbox Evasion

System Information Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Web Service

Impact

Tasks

static1

behavioral1

evasionthemidatrojan

behavioral2

asyncratevasionratthemidatrojan

© 2018-2024

Terms | Privacy