asyncrat | ec93adc0594e2c2fb8360d594d434bd5a217f2fb7d4184e086220fcae3886c9f | Triage

Submit
Reports

Overview

overview

Static

static

AsyncClient.exe

windows7-x64

AsyncClient.exe

windows10-2004-x64

Sharing

General

Target

AsyncClient.exe
Size

45KB
Sample

230323-vjteqsba3w
MD5

396113eb702441f9d4377425caa87188
SHA1

cdb100adec115eab8239f8d14da3ea3e64c1570c
SHA256

ec93adc0594e2c2fb8360d594d434bd5a217f2fb7d4184e086220fcae3886c9f
SHA512

daf3c73adbde89d21b4928a541712843d9423c355a74013ac222df3d08f763862f31e31a1e110d683d063f2ce7b208dd6c64d4665a4f088c001d68d0fcf1b34e
SSDEEP

768:LudbM1T1fzFPWUDCytmo2qIWKjGKG6PIyzjbFgX3i89bccImEpJp8Mf2uFd0BDZV:LudbM1T1b12qKYDy3bCXS8JcBTpJiuF4

Score

10^/10

asyncrat com surrogate rat

Static task

static1

rat com surrogate asyncrat

2 signatures

Behavioral task

behavioral1

Sample

AsyncClient.exe

Resource

win7-20230220-en

asyncrat com surrogate rat

windows7-x64

16 signatures

150 seconds

Behavioral task

behavioral2

Sample

AsyncClient.exe

Resource

win10v2004-20230220-en

asyncrat com surrogate rat

windows10-2004-x64

14 signatures

150 seconds

Malware Config

Extracted

Family

asyncrat

Version

0.5.7B

Botnet

COM Surrogate

C2

127.0.0.1:6606

127.0.0.1:7707

127.0.0.1:8808

127.0.0.1:1604

127.0.0.1:14576

127.0.0.1:15074

127.0.0.1:15018

4.tcp.eu.ngrok.io:6606

4.tcp.eu.ngrok.io:7707

4.tcp.eu.ngrok.io:8808

4.tcp.eu.ngrok.io:1604

4.tcp.eu.ngrok.io:14576

4.tcp.eu.ngrok.io:15074

4.tcp.eu.ngrok.io:15018

7.tcp.eu.ngrok.io:6606

7.tcp.eu.ngrok.io:7707

7.tcp.eu.ngrok.io:8808

7.tcp.eu.ngrok.io:1604

7.tcp.eu.ngrok.io:14576

7.tcp.eu.ngrok.io:15074

7.tcp.eu.ngrok.io:15018

6.tcp.eu.ngrok.io:6606

6.tcp.eu.ngrok.io:7707

6.tcp.eu.ngrok.io:8808

6.tcp.eu.ngrok.io:1604

6.tcp.eu.ngrok.io:14576

6.tcp.eu.ngrok.io:15074

6.tcp.eu.ngrok.io:15018

Mutex

COM Surrogate

Attributes

delay
3
install
true
install_file
Microsoftfixer.exe
install_folder
%AppData%

aes.plain

Targets

- Target
  
  AsyncClient.exe
- Size
  
  45KB
- MD5
  
  396113eb702441f9d4377425caa87188
- SHA1
  
  cdb100adec115eab8239f8d14da3ea3e64c1570c
- SHA256
  
  ec93adc0594e2c2fb8360d594d434bd5a217f2fb7d4184e086220fcae3886c9f
- SHA512
  
  daf3c73adbde89d21b4928a541712843d9423c355a74013ac222df3d08f763862f31e31a1e110d683d063f2ce7b208dd6c64d4665a4f088c001d68d0fcf1b34e
- SSDEEP
  
  768:LudbM1T1fzFPWUDCytmo2qIWKjGKG6PIyzjbFgX3i89bccImEpJp8Mf2uFd0BDZV:LudbM1T1b12qKYDy3bCXS8JcBTpJiuF4
Score

10^/10

asyncrat com surrogate rat
- AsyncRat
  AsyncRAT is designed to remotely monitor and control other computers written in C#.
  rat asyncrat
- Async RAT payload
  rat
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Loads dropped DLL
- Legitimate hosting services abused for malware hosting/C2
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Scheduled Task

Persistence

Scheduled Task

Privilege Escalation

Scheduled Task

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

Peripheral Device Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Web Service

Impact

Tasks

static1

ratcom surrogateasyncrat

behavioral1

asyncratcom surrogaterat

behavioral2

asyncratcom surrogaterat

© 2018-2024

Terms | Privacy