asyncrat

General

Target

微信分身.zip
Size

188KB
Sample

230602-agczraha78
MD5

553527bda1ea30ad76479c9a26fcfc80
SHA1

7805c57706cd8636dfb5788ea27578d4b9fcbdd6
SHA256

b2ccdc8dab11d336c7d0563e4fb237fbedd18191e6f4f73c9763319243ee6261
SHA512

747bdafafcce40e534dfda72acafbd5bbae402ab7dd1ebd855608e9496c0594aac12c484c7c6fea595e4ebf80d9949849e25267c8fe46d0a25aba704ad813a7b
SSDEEP

3072:OrGbUWozIOIXl4+Cyy2BUVl3WnihtPDcxGHVwxTy8ihiqImFYR/i/cHX1zgxuKCx:ORWo0OIXl4+B4lGiYbj5Ut/glvaYL/R7

Score

10^/10

Malware Config

Extracted

Family

asyncrat

Botnet

Default

C2

38.55.205.246:8848

Mutex

22F8B96D21DB3C632EB9

Attributes

delay
1
install
false
install_folder
%AppData%

aes.plain

Targets

- Target
  
  微信分身/sogo_shurufa.exe
- Size
  
  112KB
- MD5
  
  f9e01d2c7b4c410beb53cfb33782e397
- SHA1
  
  429287ada25a2ee5bdb1a2b68674cabf2c5bc8ff
- SHA256
  
  ea0735c7a0a27bd6c868d6f0ea0c43f4dfe5923c02977d66dbaea413e67581bb
- SHA512
  
  2b399ecb9fba9a26ad583096990c1e4b50209395beec0dce79155aa4d330a106620b219d1e3edb7c22fc600c7ea4a5c33d628104f9d10b57b5ef35dc71c2f794
- SSDEEP
  
  1536:AYbCQj+L5WCaV7z1lsJfA1aLwLiBIVjFW5FNc6BUQ2/o1XLxwOILfW8:tbCQSL+n1ibOAMQFtMQ17xwOKfW8
Score

7^/10
- Loads dropped DLL
behavioral1 behavioral2
- Target
  
  微信分身/step.exe
- Size
  
  17KB
- MD5
  
  46f26de907de6172a2f0635699447ee8
- SHA1
  
  7b04bc5ecd600998f5897f3d966406e3a39ff1ca
- SHA256
  
  eaf617be85a6cf5fdb338fa825a7e3c5136b5d8009eec30457d7aebc43335906
- SHA512
  
  32b5c38cb7229c7bb9e724c7aad8050d0e976a56d4fe2b06b4cc2fdb7e9d174d7bd59420a870de97fb4778e6fdda35b54b6dc9601c0c24751b16bf6f2a7e8d05
- SSDEEP
  
  192:4ngQgd7MwHxnrEDZtVGFQ6mMPPKetjMoe1F4QSNC+nZnMyJVzFAt082L:4nDs7M6gDtb6XqL4jppJVeC
Score

1^/10
behavioral3 behavioral4
- Target
  
  微信分身/微信分身.exe
- Size
  
  172KB
- MD5
  
  2607b49145280a76f8e5037704d30ec7
- SHA1
  
  db1b633aaf45e2e894b6a4737bbe7de23be6d11a
- SHA256
  
  9450e2068bf973136ee7a24c33e2c0740cb0a7ed501740c5e3c4bdc328fc92ea
- SHA512
  
  f3d080a1906c60438275a2365b20896f67352633f9c1cfd6148521dd1d4fde3310ed73ab934d4ee59df59eb46e516e951ff8cc9fb58a759eed3b22e1a1532a7e
- SSDEEP
  
  3072:xzpQb1Y2MC641lwP4D1wrmFEj9oB0OXFCY6arj+GMifDS:tpQbMofwgEw0OXFCztV
Score

10^/10

asyncrat default rat
- AsyncRat
  AsyncRAT is designed to remotely monitor and control other computers written in C#.
  rat asyncrat
- Async RAT payload
  rat
- Executes dropped EXE
- Loads dropped DLL
behavioral5 behavioral6

MITRE ATT&CK Matrix

Tasks

Sharing

General

Malware Config

Extracted

Targets

Loads dropped DLL

Async RAT payload

Executes dropped EXE

Loads dropped DLL

MITRE ATT&CK Matrix

Tasks

static1

behavioral1

behavioral2

behavioral3

behavioral4

behavioral5

behavioral6