asyncrat | 0f8467fc257fde33ed91a4437303227c1ecbfeb6838b37c77d6a990819ea36da | Triage

Submit
Reports

Overview

overview

Static

static

3

generator.exe

windows7-x64

7

generator.exe

windows10-2004-x64

Sharing

General

Target

generator.exe
Size

23.0MB
Sample

231012-bjcx7seh2s
MD5

2e11e2c532629a74cceb1b85e91d44b3
SHA1

a7b785e31ce6228d66834b64b6ad6295c33dc5eb
SHA256

0f8467fc257fde33ed91a4437303227c1ecbfeb6838b37c77d6a990819ea36da
SHA512

9b53cb953aef1baf3e7bfef05e9a5ceaeb715b695dc8af5036cbe274f41bdfe85006f4d58e4f5e46ed1d37791e38ad1ed3de2c01814af2cce03684135228eb4b
SSDEEP

393216:WFQtstvdqEr7M5liRdQJlEwF3MnG3otl53oaeqr5Ak1eDBTW3WTseO5J:EQtstVn7M5lkdQ13MGYNxyhBT15y

Score

10^/10

asyncrat def pyinstaller rat

Static task

static1

2 signatures

Behavioral task

behavioral1

Sample

generator.exe

Resource

win7-20230831-en

windows7-x64

2 signatures

150 seconds

Behavioral task

behavioral2

Sample

generator.exe

Resource

win10v2004-20230915-en

asyncrat def rat

windows10-2004-x64

13 signatures

150 seconds

Malware Config

Extracted

Family

asyncrat

Version

1.0.7

Botnet

def

C2

37.18.62.18:8060

Mutex

era2312swe12-1213rsgdkms23

Attributes

delay
1
install
true
install_file
CCXProcess.exe
install_folder
%Temp%

aes.plain

Targets

- Target
  
  generator.exe
- Size
  
  23.0MB
- MD5
  
  2e11e2c532629a74cceb1b85e91d44b3
- SHA1
  
  a7b785e31ce6228d66834b64b6ad6295c33dc5eb
- SHA256
  
  0f8467fc257fde33ed91a4437303227c1ecbfeb6838b37c77d6a990819ea36da
- SHA512
  
  9b53cb953aef1baf3e7bfef05e9a5ceaeb715b695dc8af5036cbe274f41bdfe85006f4d58e4f5e46ed1d37791e38ad1ed3de2c01814af2cce03684135228eb4b
- SSDEEP
  
  393216:WFQtstvdqEr7M5liRdQJlEwF3MnG3otl53oaeqr5Ak1eDBTW3WTseO5J:EQtstVn7M5lkdQ13MGYNxyhBT15y
Score

10^/10

asyncrat def rat
- AsyncRat
  AsyncRAT is designed to remotely monitor and control other computers written in C#.
  rat asyncrat
- Async RAT payload
  rat
- Downloads MZ/PE file
- Executes dropped EXE
- Loads dropped DLL
- Legitimate hosting services abused for malware hosting/C2
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Web Service

Impact

Resource Development

Reconnaissance

Tasks

static1

behavioral1

behavioral2

© 2018-2024

Terms | Privacy