asyncrat | e728fc990c2e7926c775d4dedd4394c78e7d67cebc08b937ae8feec17be0ebeb | Triage

Submit
Reports

Overview

overview

Static

static

1

5478f23d8a...f4.exe

windows7-x64

5478f23d8a...f4.exe

windows10-2004-x64

5

Sharing

General

Target

d5bbe92d4a8b9014708e0aa325158e2b.bin
Size

187KB
Sample

230412-e89v1shh24
MD5

499e8f9aecf31da4e4357279c2478ddf
SHA1

3a3f36d45cf1212f6821ceca724a1d814ad01456
SHA256

e728fc990c2e7926c775d4dedd4394c78e7d67cebc08b937ae8feec17be0ebeb
SHA512

a6a9c0a7a601a3cdac5d269308e8c71230c6b6dabd97811da6eb7a95d76991a286ddd966cb1784405c77ab25fe45adb1e31aa9c86170a3900249159effbc4d82
SSDEEP

3072:iNjerhh7hKIwUa/ea76YHKN0qLvPF6XnD9FVzb7WRBufR2cYQy9RYaxbL1iwVQX7:iNjexj2/esHK+uPOnhDzuRYfR2zxv13i

Score

10^/10

asyncrat dnock rat

Static task

static1

Behavioral task

behavioral1

Sample

5478f23d8a67ec7f18ee3ebcfefe3d86d89543c6f323b3de5f7696fdd7697cf4.exe

Resource

win7-20230220-en

asyncrat dnock rat

windows7-x64

11 signatures

150 seconds

Behavioral task

behavioral2

Sample

5478f23d8a67ec7f18ee3ebcfefe3d86d89543c6f323b3de5f7696fdd7697cf4.exe

Resource

win10v2004-20230220-en

windows10-2004-x64

4 signatures

150 seconds

Malware Config

Extracted

Family

asyncrat

Version

0.5.7B

Botnet

Dnock

C2

dnuocc.com:3306

dnuocc.com:1452

Mutex

AsyncMutex_6SI8OkPnk

Attributes

delay
3
install
true
install_file
crsi.exe
install_folder
%AppData%

aes.plain

Targets

- Target
  
  5478f23d8a67ec7f18ee3ebcfefe3d86d89543c6f323b3de5f7696fdd7697cf4.exe
- Size
  
  225KB
- MD5
  
  d5bbe92d4a8b9014708e0aa325158e2b
- SHA1
  
  7dd6b0e60dbcc9207b5ef18daee9790f14c525d4
- SHA256
  
  5478f23d8a67ec7f18ee3ebcfefe3d86d89543c6f323b3de5f7696fdd7697cf4
- SHA512
  
  5bc381ea0bcce769ef7798a132e56ea6fdfb0526c11b531bed9ff1db4682d5e67c3a246fe0bff87d42f19b0e20933001f9eca0697feb6de0d6aec6a9aaf5004f
- SSDEEP
  
  6144:VeUOuccUzNkM0MU1QPvoj4DFBHLWEUuJJmfUGs70p8I:UUlcjJkrX1QPv/DbrWE5JlGs70pZ
Score

10^/10

asyncrat dnock rat
- AsyncRat
  AsyncRAT is designed to remotely monitor and control other computers written in C#.
  rat asyncrat
- Async RAT payload
  rat
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Scheduled Task

Persistence

Scheduled Task

Privilege Escalation

Scheduled Task

Defense Evasion

Credential Access

Discovery

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

asyncratdnockrat

behavioral2

© 2018-2024

Terms | Privacy