asyncrat | f8c1d4136081e19fba8ea2c9ba40487a65e5a338997116fda7b4845cb5138990 | Triage

Submit
Reports

Overview

overview

Static

static

1

123.exe

windows7-x64

123.exe

windows10-2004-x64

Sharing

General

Target

123.exe
Size

165KB
Sample

230323-m1g42afb49
MD5

85e184f78890926b234f00e849f784a5
SHA1

b4b29e2e1c783ca42d4619b5c403590a1a213d2e
SHA256

f8c1d4136081e19fba8ea2c9ba40487a65e5a338997116fda7b4845cb5138990
SHA512

0a5040c43e2a65c33e54d3547ebc6b7ee853f46359752b8693757c4cf54520c2cd357b575c2bdc04cc378da4e1ae847005db95f674ba175fe23227760c738f75
SSDEEP

3072:iEBMe85qktJGThMsYMkHwl5cAOVw28lNb7fexY/Mhs6kO:iEB5857MThzYM8wl5cDKH7UYEl

Score

10^/10

asyncrat discovery evasion persistence rat trojan

Static task

static1

Behavioral task

behavioral1

Sample

123.exe

Resource

win7-20230220-en

asyncrat discovery evasion persistence rat trojan

windows7-x64

18 signatures

150 seconds

Behavioral task

behavioral2

Sample

123.exe

Resource

win10v2004-20230220-en

discovery evasion persistence trojan

windows10-2004-x64

19 signatures

150 seconds

Malware Config

Extracted

Credentials

Protocol: ftp
Host:
45.151.135.235
Port:
21
Username:
123
Password:
123

Extracted

Family

asyncrat

C2

61.160.213.14:8848

Mutex

xihongshi

Attributes

delay
1
install
false
install_folder
%AppData%

aes.plain

Targets

- Target
  
  123.exe
- Size
  
  165KB
- MD5
  
  85e184f78890926b234f00e849f784a5
- SHA1
  
  b4b29e2e1c783ca42d4619b5c403590a1a213d2e
- SHA256
  
  f8c1d4136081e19fba8ea2c9ba40487a65e5a338997116fda7b4845cb5138990
- SHA512
  
  0a5040c43e2a65c33e54d3547ebc6b7ee853f46359752b8693757c4cf54520c2cd357b575c2bdc04cc378da4e1ae847005db95f674ba175fe23227760c738f75
- SSDEEP
  
  3072:iEBMe85qktJGThMsYMkHwl5cAOVw28lNb7fexY/Mhs6kO:iEB5857MThzYM8wl5cDKH7UYEl
Score

10^/10

asyncrat discovery evasion persistence rat trojan
- AsyncRat
  AsyncRAT is designed to remotely monitor and control other computers written in C#.
  rat asyncrat
- UAC bypass
  evasion trojan
- Async RAT payload
  rat
- Downloads MZ/PE file
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Loads dropped DLL
- Adds Run key to start application
  persistence
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
  discovery
- Checks whether UAC is enabled
  evasion trojan
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

Privilege Escalation

Bypass User Account Control

Defense Evasion

Bypass User Account Control

Disabling Security Tools

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

asyncratdiscoveryevasionpersistencerattrojan

behavioral2

discoveryevasionpersistencetrojan

© 2018-2024

Terms | Privacy