asyncrat | 0f8467fc257fde33ed91a4437303227c1ecbfeb6838b37c77d6a990819ea36da | Triage

Sharing

General

Target

generator.exe
Size

23.0MB
Sample

230923-vj3y6sha7y
MD5

2e11e2c532629a74cceb1b85e91d44b3
SHA1

a7b785e31ce6228d66834b64b6ad6295c33dc5eb
SHA256

0f8467fc257fde33ed91a4437303227c1ecbfeb6838b37c77d6a990819ea36da
SHA512

9b53cb953aef1baf3e7bfef05e9a5ceaeb715b695dc8af5036cbe274f41bdfe85006f4d58e4f5e46ed1d37791e38ad1ed3de2c01814af2cce03684135228eb4b
SSDEEP

393216:WFQtstvdqEr7M5liRdQJlEwF3MnG3otl53oaeqr5Ak1eDBTW3WTseO5J:EQtstVn7M5lkdQ13MGYNxyhBT15y

Score

10^/10

asyncrat def pyinstaller rat

Malware Config

Extracted

Family

asyncrat

Version

1.0.7

Botnet

def

C2

37.18.62.18:8060

Mutex

era2312swe12-1213rsgdkms23

Attributes

delay
1
install
true
install_file
CCXProcess.exe
install_folder
%Temp%

aes.plain

Targets

- Target
  
  generator.exe
- Size
  
  23.0MB
- MD5
  
  2e11e2c532629a74cceb1b85e91d44b3
- SHA1
  
  a7b785e31ce6228d66834b64b6ad6295c33dc5eb
- SHA256
  
  0f8467fc257fde33ed91a4437303227c1ecbfeb6838b37c77d6a990819ea36da
- SHA512
  
  9b53cb953aef1baf3e7bfef05e9a5ceaeb715b695dc8af5036cbe274f41bdfe85006f4d58e4f5e46ed1d37791e38ad1ed3de2c01814af2cce03684135228eb4b
- SSDEEP
  
  393216:WFQtstvdqEr7M5liRdQJlEwF3MnG3otl53oaeqr5Ak1eDBTW3WTseO5J:EQtstVn7M5lkdQ13MGYNxyhBT15y
Score

10^/10

asyncrat def rat
- AsyncRat
  AsyncRAT is designed to remotely monitor and control other computers written in C#.
  rat asyncrat
- Async RAT payload
  rat
- Downloads MZ/PE file
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Loads dropped DLL
- Legitimate hosting services abused for malware hosting/C2
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
behavioral1 behavioral2
- Target
  
  loader91.pyc
- Size
  
  71KB
- MD5
  
  08c45726fb505b0cfdb24a21566c8fb1
- SHA1
  
  4b02840b9baf30f78c9d3c1ca13125d645ed7e24
- SHA256
  
  1d661b2012f4a9095c3fb3bb113b4e9d56f182c9f2d42bf2887f2de985b7a8f9
- SHA512
  
  02dd914bbec05f56d2d8e3689756cb0ce01062024efae52a5a47139b60c530af75778e2d42f87ad73df4279d5a316bee233ee1ebdd44cac7ef212c8f28bc8375
- SSDEEP
  
  768:i2LGdsiZzByZ6x4TWBb6qJC2KVBmT63YCOIrj81AXPzrHMGcM5kHLvSZAprHIWn2:jGV4Z6xt6z2Y7jfoDTeWcE9rqw9ZNhY
Score

3^/10
behavioral3 behavioral4

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Web Service

Impact

Resource Development

Reconnaissance

Tasks

static1

behavioral1

behavioral2

behavioral3

behavioral4