asyncrat | 1887fa1977cff3ff0c883ec2659c06d88f344902b515bece48e599790411b1d8 | Triage

Submit
Reports

Overview

overview

Static

static

05b1080658...61.exe

windows7-x64

05b1080658...61.exe

windows10-2004-x64

Sharing

General

Target

a7f473e14b7c3e56561ff51f87b2f279.bin
Size

22KB
Sample

230323-b1992acg29
MD5

4e8c30204ecc65221cbc2877ce41ec75
SHA1

ac7bb9a7868f1622f8236503704f7f986e4cf972
SHA256

1887fa1977cff3ff0c883ec2659c06d88f344902b515bece48e599790411b1d8
SHA512

bc8424c1cacd6ae83ebb561d73d239ed8b365c9bf9b573f8525d853f4eb5d2f8fcf263cbe6047eefdec19014ec9bffe9060ddf5af897cd4c3fa99648c2a48ddb
SSDEEP

384:wzMerRqnjraRiLt+X/Uzpm3mAsLb+ny/+nqoQaLNW5M5+YzUosqfv2x/lmxzpbDh:wz98jrEau/Uzpm3mDb2s+nqwQO5BztXl

Score

10^/10

asyncrat com surrogate rat

Static task

static1

rat com surrogate asyncrat

2 signatures

Behavioral task

behavioral1

Sample

05b1080658b2c922f7becdb930e8f9fc34822b27982a4d89784f335565df7361.exe

Resource

win7-20230220-en

asyncrat com surrogate rat

windows7-x64

11 signatures

150 seconds

Behavioral task

behavioral2

Sample

05b1080658b2c922f7becdb930e8f9fc34822b27982a4d89784f335565df7361.exe

Resource

win10v2004-20230220-en

asyncrat com surrogate rat

windows10-2004-x64

11 signatures

150 seconds

Malware Config

Extracted

Family

asyncrat

Version

0.5.7B

Botnet

COM Surrogate

C2

127.0.0.1:6606

127.0.0.1:7707

127.0.0.1:8808

127.0.0.1:1604

127.0.0.1:14576

127.0.0.1:15074

4.tcp.eu.ngrok.io:6606

4.tcp.eu.ngrok.io:7707

4.tcp.eu.ngrok.io:8808

4.tcp.eu.ngrok.io:1604

4.tcp.eu.ngrok.io:14576

4.tcp.eu.ngrok.io:15074

7.tcp.eu.ngrok.io:6606

7.tcp.eu.ngrok.io:7707

7.tcp.eu.ngrok.io:8808

7.tcp.eu.ngrok.io:1604

7.tcp.eu.ngrok.io:14576

7.tcp.eu.ngrok.io:15074

Mutex

COM Surrogate

Attributes

delay
3
install
true
install_file
Microsoftfixer.exe
install_folder
%AppData%

aes.plain

Targets

- Target
  
  05b1080658b2c922f7becdb930e8f9fc34822b27982a4d89784f335565df7361.exe
- Size
  
  45KB
- MD5
  
  a7f473e14b7c3e56561ff51f87b2f279
- SHA1
  
  799bb3816916db3e6e92ff665c34e020cf444859
- SHA256
  
  05b1080658b2c922f7becdb930e8f9fc34822b27982a4d89784f335565df7361
- SHA512
  
  eb118655b71c4b04cc9da4de9f943b98ce9c7ca562835a39a757a4e5f333da0fdcb39c34eec0f5351855875a301078ecc96126af32c17f4f1eff512c4cdc5e69
- SSDEEP
  
  768:TuERVThg5RXWUr/+1mo2qD84lNVx1VEHUPIKFjbmgX3inm6AhL1uQHQoBDZTx:TuERVThaa2AlQKNb5XSTApHdTx
Score

10^/10

asyncrat com surrogate rat
- AsyncRat
  AsyncRAT is designed to remotely monitor and control other computers written in C#.
  rat asyncrat
- Async RAT payload
  rat
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Loads dropped DLL
- Legitimate hosting services abused for malware hosting/C2
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Scheduled Task

Persistence

Scheduled Task

Privilege Escalation

Scheduled Task

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Web Service

Impact

Tasks

static1

ratcom surrogateasyncrat

behavioral1

asyncratcom surrogaterat

behavioral2

asyncratcom surrogaterat

© 2018-2024

Terms | Privacy