asyncrat | d4d4f37aa785f75cb096d0a6b275b0c9f8744e7cd0ea8c84f639c89258f4d992 | Triage

Submit
Reports

Overview

overview

Static

static

1

Odeme3222023.scr

windows7-x64

Odeme3222023.scr

windows10-2004-x64

Sharing

General

Target

Odeme3222023.gz.zip
Size

513KB
Sample

230323-p1r1cahf2z
MD5

d5e9854750735f368a80beb0b6dd97c4
SHA1

d53b59f041d432a251053eff27055c9eee91bbe2
SHA256

d4d4f37aa785f75cb096d0a6b275b0c9f8744e7cd0ea8c84f639c89258f4d992
SHA512

6222a9bf5036610a113671282f8c0fd3fdf3464770e0865543cfc42fd5df248445aa1f418ea5735b62c245fff4a59e0196685ea1e2d7e7965b149939a92ebd36
SSDEEP

12288:TxR4g66m9h3lMb67WDfJbLEBJmD7wgdeh/RwJ6DM:cgf4MbYEfJbeYD7vqRJDM

Score

10^/10

asyncrat mnock rat

Static task

static1

Behavioral task

behavioral1

Sample

Odeme3222023.scr

Resource

win7-20230220-en

asyncrat mnock rat

windows7-x64

12 signatures

150 seconds

Behavioral task

behavioral2

Sample

Odeme3222023.scr

Resource

win10v2004-20230220-en

asyncrat mnock rat

windows10-2004-x64

11 signatures

150 seconds

Malware Config

Extracted

Family

asyncrat

Version

0.5.7B

Botnet

Mnock

C2

mooroopecamroy.sytes.net:1452

mooroopecamroy.sytes.net:1432

Mutex

AsyncMutex_6SI8OkPnk

Attributes

delay
3
install
true
install_file
crssi.exe
install_folder
%AppData%

aes.plain

Targets

- Target
  
  Odeme3222023.scr
- Size
  
  635KB
- MD5
  
  02e24e9cfe0669ac85121b1b35f7a942
- SHA1
  
  0acb91424c9e6329b0966177cc5541f0bb2c4908
- SHA256
  
  7158cb26fb5a843496b92e30c4366fdfa2b49cd8c59f280ee71e853a68ef0a69
- SHA512
  
  cc697818469e535cdb3d9470bb25d38f8d845d668d50e72b61911bd561d94ffff5e04448fda4537bba28fb5666345b1fc748b1f80443c54bac6ca191df4de013
- SSDEEP
  
  12288:NcrNS33L10QdrXjCDn1R6WlM96zWDfJbZEvJmD7ugVkh/fwJ6DD:wNA3R5drX2D1RTM9aEfJbUYD79ofJDD
Score

10^/10

asyncrat mnock rat
- AsyncRat
  AsyncRAT is designed to remotely monitor and control other computers written in C#.
  rat asyncrat
- Async RAT payload
  rat
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Scheduled Task

Persistence

Scheduled Task

Privilege Escalation

Scheduled Task

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

asyncratmnockrat

behavioral2

asyncratmnockrat

© 2018-2024

Terms | Privacy