Triage | Malware sandboxing report by Hatching Triage

Submit
Reports

Overview

overview

Static

static

AsyncClient.exe

windows7-x64

AsyncClient.exe

windows10-2004-x64

Resubmissions

05-06-2023 15:07

230605-shb3yshc58 10

05-06-2023 14:59

230605-scshrahc39 10

Sharing

General

Target

AsyncClient.exe
Size

45KB
Sample

230605-scshrahc39
MD5

11c12e50d5c5b0ae6578f770bfb41671
SHA1

87c61e6cad8bf6be174e087784bc5f204648ebe7
SHA256

e2be314cb5392f83e23694be4e43326f746e0067012a5f423d72b2ecc3bb1575
SHA512

b9c0a081c9c2efb87fc34877d508d0bc7a0504882fd04716535cfb6cea3e5dfe64e7ea834f444903de3f334d625f3a45c58508d68c6ee9853dd60d13e10f463a
SSDEEP

768:ju0OVTBRlc6nWUbmelmo2qjrKjGKG6PIyzjbFgX3i9PjHrVFvyrLxBDZjx:ju0OVTBnck26KYDy3bCXSpjHrVdyrrdd

Score

10^/10

asyncrat default rat

Static task

static1

rat default asyncrat

3 signatures

Behavioral task

behavioral1

Sample

AsyncClient.exe

Resource

win7-20230220-en

asyncrat default rat

windows7-x64

11 signatures

150 seconds

Behavioral task

behavioral2

Sample

AsyncClient.exe

Resource

win10v2004-20230220-en

asyncrat default rat

windows10-2004-x64

11 signatures

150 seconds

Malware Config

Extracted

Family

asyncrat

Version

0.5.7B

Botnet

Default

C2

127.0.0.1:15491

127.0.0.1:8080

195.78.54.247:15491

195.78.54.247:8080

2.tcp.eu.ngrok.io:15491

2.tcp.eu.ngrok.io:8080

Attributes

delay
3
install
true
install_file
awdawd.exe
install_folder
%AppData%

aes.plain

Targets

- Target
  
  AsyncClient.exe
- Size
  
  45KB
- MD5
  
  11c12e50d5c5b0ae6578f770bfb41671
- SHA1
  
  87c61e6cad8bf6be174e087784bc5f204648ebe7
- SHA256
  
  e2be314cb5392f83e23694be4e43326f746e0067012a5f423d72b2ecc3bb1575
- SHA512
  
  b9c0a081c9c2efb87fc34877d508d0bc7a0504882fd04716535cfb6cea3e5dfe64e7ea834f444903de3f334d625f3a45c58508d68c6ee9853dd60d13e10f463a
- SSDEEP
  
  768:ju0OVTBRlc6nWUbmelmo2qjrKjGKG6PIyzjbFgX3i9PjHrVFvyrLxBDZjx:ju0OVTBnck26KYDy3bCXSpjHrVdyrrdd
Score

10^/10

asyncrat default rat
- AsyncRat
  AsyncRAT is designed to remotely monitor and control other computers written in C#.
  rat asyncrat
- Async RAT payload
  rat
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Loads dropped DLL
- Legitimate hosting services abused for malware hosting/C2
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Scheduled Task

Persistence

Scheduled Task

Privilege Escalation

Scheduled Task

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Web Service

Impact

Tasks

static1

ratdefaultasyncrat

behavioral1

asyncratdefaultrat

behavioral2

asyncratdefaultrat

© 2018-2023

Terms | Privacy