asyncrat | 7158cb26fb5a843496b92e30c4366fdfa2b49cd8c59f280ee71e853a68ef0a69 | Triage

Submit
Reports

Overview

overview

Static

static

1

Odeme3222023.scr.exe

windows7-x64

Odeme3222023.scr.exe

windows10-2004-x64

Sharing

General

Target

Odeme3222023.scr.exe
Size

635KB
Sample

230322-xn8rbsag57
MD5

02e24e9cfe0669ac85121b1b35f7a942
SHA1

0acb91424c9e6329b0966177cc5541f0bb2c4908
SHA256

7158cb26fb5a843496b92e30c4366fdfa2b49cd8c59f280ee71e853a68ef0a69
SHA512

cc697818469e535cdb3d9470bb25d38f8d845d668d50e72b61911bd561d94ffff5e04448fda4537bba28fb5666345b1fc748b1f80443c54bac6ca191df4de013
SSDEEP

12288:NcrNS33L10QdrXjCDn1R6WlM96zWDfJbZEvJmD7ugVkh/fwJ6DD:wNA3R5drX2D1RTM9aEfJbUYD79ofJDD

Score

10^/10

asyncrat mnock rat

Static task

static1

Behavioral task

behavioral1

Sample

Odeme3222023.scr.exe

Resource

win7-20230220-en

asyncrat mnock rat

windows7-x64

12 signatures

150 seconds

Behavioral task

behavioral2

Sample

Odeme3222023.scr.exe

Resource

win10v2004-20230220-en

asyncrat mnock rat

windows10-2004-x64

11 signatures

150 seconds

Malware Config

Extracted

Family

asyncrat

Version

0.5.7B

Botnet

Mnock

C2

mooroopecamroy.sytes.net:1452

mooroopecamroy.sytes.net:1432

Mutex

AsyncMutex_6SI8OkPnk

Attributes

delay
3
install
true
install_file
crssi.exe
install_folder
%AppData%

aes.plain

Targets

- Target
  
  Odeme3222023.scr.exe
- Size
  
  635KB
- MD5
  
  02e24e9cfe0669ac85121b1b35f7a942
- SHA1
  
  0acb91424c9e6329b0966177cc5541f0bb2c4908
- SHA256
  
  7158cb26fb5a843496b92e30c4366fdfa2b49cd8c59f280ee71e853a68ef0a69
- SHA512
  
  cc697818469e535cdb3d9470bb25d38f8d845d668d50e72b61911bd561d94ffff5e04448fda4537bba28fb5666345b1fc748b1f80443c54bac6ca191df4de013
- SSDEEP
  
  12288:NcrNS33L10QdrXjCDn1R6WlM96zWDfJbZEvJmD7ugVkh/fwJ6DD:wNA3R5drX2D1RTM9aEfJbUYD79ofJDD
Score

10^/10

asyncrat mnock rat
- AsyncRat
  AsyncRAT is designed to remotely monitor and control other computers written in C#.
  rat asyncrat
- Async RAT payload
  rat
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Scheduled Task

Persistence

Scheduled Task

Privilege Escalation

Scheduled Task

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

asyncratmnockrat

behavioral2

asyncratmnockrat

© 2018-2024

Terms | Privacy