asyncrat | 70582b446bba24b783c1ae6f42701a5b334af4f983e4d6468f295783ad783a47 | Triage

Submit
Reports

Overview

overview

Static

static

1

7158cb26fb...69.exe

windows7-x64

7158cb26fb...69.exe

windows10-2004-x64

7

Sharing

General

Target

02e24e9cfe0669ac85121b1b35f7a942.bin
Size

514KB
Sample

230324-bcv57sdc2x
MD5

6ad3551d2ef8d199901c9b7f05813418
SHA1

c6dd30fdc994c9d6985620119a9c851c36d1430e
SHA256

70582b446bba24b783c1ae6f42701a5b334af4f983e4d6468f295783ad783a47
SHA512

5713c87ef1efce4ea74d6632d89a9c986d230fc182e07a10e623e96f3b48d108e17deea6a8f23c56e11a22fdd9167d3ac0847d9124a3759061c2f488301497d5
SSDEEP

12288:XMx3Divj3E9YOx1oJz4bJA9lKOdpILa+pHX4UFJSwjeU2:mej3E2i1Q4bJklKX4UFYhH

Score

10^/10

asyncrat mnock rat

Static task

static1

Behavioral task

behavioral1

Sample

7158cb26fb5a843496b92e30c4366fdfa2b49cd8c59f280ee71e853a68ef0a69.exe

Resource

win7-20230220-en

asyncrat mnock rat

windows7-x64

12 signatures

150 seconds

Behavioral task

behavioral2

Sample

7158cb26fb5a843496b92e30c4366fdfa2b49cd8c59f280ee71e853a68ef0a69.exe

Resource

win10v2004-20230220-en

windows10-2004-x64

7 signatures

150 seconds

Malware Config

Extracted

Family

asyncrat

Version

0.5.7B

Botnet

Mnock

C2

mooroopecamroy.sytes.net:1452

mooroopecamroy.sytes.net:1432

Mutex

AsyncMutex_6SI8OkPnk

Attributes

delay
3
install
true
install_file
crssi.exe
install_folder
%AppData%

aes.plain

Targets

- Target
  
  7158cb26fb5a843496b92e30c4366fdfa2b49cd8c59f280ee71e853a68ef0a69.exe
- Size
  
  635KB
- MD5
  
  02e24e9cfe0669ac85121b1b35f7a942
- SHA1
  
  0acb91424c9e6329b0966177cc5541f0bb2c4908
- SHA256
  
  7158cb26fb5a843496b92e30c4366fdfa2b49cd8c59f280ee71e853a68ef0a69
- SHA512
  
  cc697818469e535cdb3d9470bb25d38f8d845d668d50e72b61911bd561d94ffff5e04448fda4537bba28fb5666345b1fc748b1f80443c54bac6ca191df4de013
- SSDEEP
  
  12288:NcrNS33L10QdrXjCDn1R6WlM96zWDfJbZEvJmD7ugVkh/fwJ6DD:wNA3R5drX2D1RTM9aEfJbUYD79ofJDD
Score

10^/10

asyncrat mnock rat
- AsyncRat
  AsyncRAT is designed to remotely monitor and control other computers written in C#.
  rat asyncrat
- Async RAT payload
  rat
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Scheduled Task

Persistence

Scheduled Task

Privilege Escalation

Scheduled Task

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

asyncratmnockrat

behavioral2

© 2018-2024

Terms | Privacy