asyncrat | 74e8b8df8bf176cfdae5381336e466b0af5149ad92b877b95ddbb5f5d911e83d | Triage

Submit
Reports

Overview

overview

Static

static

3

74e8b8df8b...3d.exe

windows7-x64

74e8b8df8b...3d.exe

windows10-2004-x64

Sharing

General

Target

74e8b8df8bf176cfdae5381336e466b0af5149ad92b877b95ddbb5f5d911e83d
Size

1.8MB
Sample

231011-aafr3abc24
MD5

5e189818e7a91f70ab650334d2fa9185
SHA1

625448d0cb20fec36503e01da474ec80b7f4b39a
SHA256

74e8b8df8bf176cfdae5381336e466b0af5149ad92b877b95ddbb5f5d911e83d
SHA512

e7ec4455753e7453c39e3839a8d958b23a1c823666447bcd472c5ce481288b01a450e6edf8b259d70b28adec0bc773203170024ce65984642e9515d102d2f038
SSDEEP

49152:8I3YCPorTf5p7Fx1qd3m+JiGeatgs+kL1R:8SPO5p7YN1J9tgs31R

Score

10^/10

asyncrat default rat

Static task

static1

1 signatures

Behavioral task

behavioral1

Sample

74e8b8df8bf176cfdae5381336e466b0af5149ad92b877b95ddbb5f5d911e83d.exe

Resource

win7-20230831-en

asyncrat default rat

windows7-x64

9 signatures

150 seconds

Behavioral task

behavioral2

Sample

74e8b8df8bf176cfdae5381336e466b0af5149ad92b877b95ddbb5f5d911e83d.exe

Resource

win10v2004-20230915-en

asyncrat default rat

windows10-2004-x64

15 signatures

150 seconds

Malware Config

Extracted

Family

asyncrat

Version

0.5.7B

Botnet

Default

C2

0.tcp.ap.ngrok.io:10816

Mutex

AsyncMutex_6SI8OkPnk

Attributes

delay
3
install
false
install_folder
%AppData%

aes.plain

Targets

- Target
  
  74e8b8df8bf176cfdae5381336e466b0af5149ad92b877b95ddbb5f5d911e83d
- Size
  
  1.8MB
- MD5
  
  5e189818e7a91f70ab650334d2fa9185
- SHA1
  
  625448d0cb20fec36503e01da474ec80b7f4b39a
- SHA256
  
  74e8b8df8bf176cfdae5381336e466b0af5149ad92b877b95ddbb5f5d911e83d
- SHA512
  
  e7ec4455753e7453c39e3839a8d958b23a1c823666447bcd472c5ce481288b01a450e6edf8b259d70b28adec0bc773203170024ce65984642e9515d102d2f038
- SSDEEP
  
  49152:8I3YCPorTf5p7Fx1qd3m+JiGeatgs+kL1R:8SPO5p7YN1J9tgs31R
Score

10^/10

asyncrat default rat
- AsyncRat
  AsyncRAT is designed to remotely monitor and control other computers written in C#.
  rat asyncrat
- Async RAT payload
  rat
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Legitimate hosting services abused for malware hosting/C2
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Web Service

Exfiltration

Impact

Tasks

static1

behavioral1

asyncratdefaultrat

behavioral2

asyncratdefaultrat

© 2018-2024

Terms | Privacy