asyncrat | 1e9b18c250bf347ec33d37e7794a5f6cb2ede17ceb61887e09a0cab5ebf5c7f3 | Triage

Submit
Reports

Overview

overview

Static

static

1

cf64d94843...83.exe

windows7-x64

cf64d94843...83.exe

windows10-2004-x64

Sharing

General

Target

cf64d94843b984530750f92cb194db3c93e5c9be37630d3eb480ca025bfcb883.zip
Size

2.5MB
Sample

230329-q7xpvaab81
MD5

ea30610bb2ce4379ca2680ff02680eba
SHA1

8b5195e566464911bab1ebd349e3250ee6faab10
SHA256

1e9b18c250bf347ec33d37e7794a5f6cb2ede17ceb61887e09a0cab5ebf5c7f3
SHA512

1f5f88e116a61948b51a332ad2bee01368eccb836c9e47ce5ada26224bb8182c185c059d1b2881a98a6942e46d820f2a915d5c85bef1926302c7784d55acef49
SSDEEP

49152:3R69h4AnafNVcGZYATnfasmOyADPHw9rwMGkWQyZrwk:g6AkNiQYAzowHw9wWWQ8wk

Score

10^/10

asyncrat redline agilenet infostealer rat

Static task

static1

Behavioral task

behavioral1

Sample

cf64d94843b984530750f92cb194db3c93e5c9be37630d3eb480ca025bfcb883.exe

Resource

win7-20230220-en

asyncrat redline agilenet infostealer rat

windows7-x64

14 signatures

150 seconds

Behavioral task

behavioral2

Sample

cf64d94843b984530750f92cb194db3c93e5c9be37630d3eb480ca025bfcb883.exe

Resource

win10v2004-20230220-en

redline infostealer

windows10-2004-x64

9 signatures

150 seconds

Malware Config

Targets

- Target
  
  cf64d94843b984530750f92cb194db3c93e5c9be37630d3eb480ca025bfcb883
- Size
  
  3.7MB
- MD5
  
  74587768590d78744339c9fe354a9d01
- SHA1
  
  753d9c0a0d9377e97b7507945fa0d7884a76d6cc
- SHA256
  
  cf64d94843b984530750f92cb194db3c93e5c9be37630d3eb480ca025bfcb883
- SHA512
  
  f5064178cca35fa8e037ccfd70b15a8b43a92dc345e89e3547d91146254796efcbc593483c4da9bce659f66b549747472089af43d8c8347fc6763eb36f6fec08
- SSDEEP
  
  49152:rITh90Nac2vLNgeryROCmmfn8jopu+wlIRK9GOi3iUJVNR97usxJ6:92DNgery8aun2mGOei+NNxJ
Score

10^/10

asyncrat redline agilenet infostealer rat
- AsyncRat
  AsyncRAT is designed to remotely monitor and control other computers written in C#.
  rat asyncrat
- RedLine
  RedLine Stealer is a malware family written in C#, first appearing in early 2020.
  infostealer redline
- Async RAT payload
  rat
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Loads dropped DLL
- Obfuscated with Agile.Net obfuscator
  Detects use of the Agile.Net commercial obfuscator, which is capable of entity renaming and control flow obfuscation.
  agilenet
- Legitimate hosting services abused for malware hosting/C2
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Scheduled Task

Persistence

Scheduled Task

Privilege Escalation

Scheduled Task

Defense Evasion

Install Root Certificate

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Web Service

Impact

Tasks

static1

behavioral1

asyncratredlineagilenetinfostealerrat

behavioral2

redlineinfostealer

© 2018-2024

Terms | Privacy