asyncrat | e00de00f1dd4187b6bd9e863ffcc29ca4101feb0ef1906e0f01864533244e3de | Triage

Submit
Reports

Overview

overview

Static

static

async_modified_0.zip

windows10-1703-x64

7

async_modified_0.zip

windows7-x64

async_modified_0.zip

windows10-2004-x64

1

Sharing

General

Target

async_modified_0.zip
Size

32.2MB
Sample

230602-pg6pdsbc56
MD5

489518b14412de03373efb0f6748c10d
SHA1

79407cb3ef838c74fed7af8ae2a15343a8061170
SHA256

e00de00f1dd4187b6bd9e863ffcc29ca4101feb0ef1906e0f01864533244e3de
SHA512

2e70cac4acba1f1ac20906463b82956ccf6c8ed6af59abd94251f697ae5decd0ffbe6d116b8ebb02d26388dfefdcec967fa3988be75fd9fc78a45f93c049b8be
SSDEEP

786432:G3B7Da83uoAOcbRRnMNHXUGrbFiuRrjqJgzS5VamIwsdzl09u/MWUApGa:GR7DaOuoLORRMdXUGrbssGJQUIwsF/9B

Score

10^/10

asyncrat default rat

Static task

static1

7 signatures

Behavioral task

behavioral1

Sample

async_modified_0.zip

Resource

win10-20230220-en

windows10-1703-x64

21 signatures

1800 seconds

Behavioral task

behavioral2

Sample

async_modified_0.zip

Resource

win7-20230220-en

asyncrat default rat

windows7-x64

16 signatures

1800 seconds

Behavioral task

behavioral3

Sample

async_modified_0.zip

Resource

win10v2004-20230220-en

windows10-2004-x64

0 signatures

1800 seconds

Malware Config

Extracted

Family

asyncrat

Version

| CRACKED BY https://t.me/xworm_v2

Botnet

Default

C2

127.0.0.1:6606

127.0.0.1:7707

127.0.0.1:8808

Mutex

AsyncMutex_6SI8OkPnk

Attributes

delay
3
install
false
install_folder
%AppData%

aes.plain

Targets

- Target
  
  async_modified_0.zip
- Size
  
  32.2MB
- MD5
  
  489518b14412de03373efb0f6748c10d
- SHA1
  
  79407cb3ef838c74fed7af8ae2a15343a8061170
- SHA256
  
  e00de00f1dd4187b6bd9e863ffcc29ca4101feb0ef1906e0f01864533244e3de
- SHA512
  
  2e70cac4acba1f1ac20906463b82956ccf6c8ed6af59abd94251f697ae5decd0ffbe6d116b8ebb02d26388dfefdcec967fa3988be75fd9fc78a45f93c049b8be
- SSDEEP
  
  786432:G3B7Da83uoAOcbRRnMNHXUGrbFiuRrjqJgzS5VamIwsdzl09u/MWUApGa:GR7DaOuoLORRMdXUGrbssGJQUIwsF/9B
Score

10^/10

asyncrat default rat
- AsyncRat
  AsyncRAT is designed to remotely monitor and control other computers written in C#.
  rat asyncrat
- Async RAT payload
  rat
- .NET Reactor proctector
  Detects an executable protected by an unregistered version of Eziriz's .NET Reactor.
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Drops startup file
- Executes dropped EXE
- Loads dropped DLL
- Drops desktop.ini file(s)
- Drops file in System32 directory
behavioral1 behavioral2 behavioral3

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Scheduled Task

Persistence

Scheduled Task

Privilege Escalation

Scheduled Task

Defense Evasion

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

behavioral2

asyncratdefaultrat

behavioral3

© 2018-2024

Terms | Privacy