asyncrat | 1b3cabb09aa612118c9f13c63c39fb8281991c5a802d0815f3f36655c1b5bdae | Triage

Submit
Reports

Overview

overview

Static

static

3

fed-ethereal.exe

windows7-x64

7

fed-ethereal.exe

windows10-2004-x64

extend.pyc

windows7-x64

3

extend.pyc

windows10-2004-x64

3

Sharing

General

Target

fed-ethereal.exe
Size

46.1MB
Sample

231105-l78d5agb63
MD5

2e85525347ca88fd99f5915c07106873
SHA1

951808febe174bb345e61622d0e890a86c36a3a6
SHA256

1b3cabb09aa612118c9f13c63c39fb8281991c5a802d0815f3f36655c1b5bdae
SHA512

1fac6d91f2d8b31af25abd90479d94974a0c561054e56d3ea27c69fe02b02187479e583c1d5e4b55b2fbb88f95b8f079673625303f6dedc63b3f247256e2336a
SSDEEP

786432:57r3dPKRJvrHiRyc0eacOHzeMKVxzx5c6OHzeMKVxzx5cU5FpYQiln3p:5FQJvrHLc0eacOHzDCd5c6OHzDCd5cUM

Score

10^/10

asyncrat def pyinstaller rat

Static task

static1

2 signatures

Behavioral task

behavioral1

Sample

fed-ethereal.exe

Resource

win7-20231020-en

windows7-x64

8 signatures

300 seconds

Behavioral task

behavioral2

Sample

fed-ethereal.exe

Resource

win10v2004-20231023-en

asyncrat def rat

windows10-2004-x64

16 signatures

300 seconds

Behavioral task

behavioral3

Sample

extend.pyc

Resource

win7-20231020-en

windows7-x64

5 signatures

300 seconds

Behavioral task

behavioral4

Sample

extend.pyc

Resource

win10v2004-20231020-en

windows10-2004-x64

4 signatures

300 seconds

Malware Config

Extracted

Family

asyncrat

Version

1.0.7

Botnet

def

C2

37.18.62.18:8060

Mutex

era2312swe12-1213rsgdkms23

Attributes

delay
1
install
true
install_file
CCXProcess.exe
install_folder
%Temp%

aes.plain

Targets

- Target
  
  fed-ethereal.exe
- Size
  
  46.1MB
- MD5
  
  2e85525347ca88fd99f5915c07106873
- SHA1
  
  951808febe174bb345e61622d0e890a86c36a3a6
- SHA256
  
  1b3cabb09aa612118c9f13c63c39fb8281991c5a802d0815f3f36655c1b5bdae
- SHA512
  
  1fac6d91f2d8b31af25abd90479d94974a0c561054e56d3ea27c69fe02b02187479e583c1d5e4b55b2fbb88f95b8f079673625303f6dedc63b3f247256e2336a
- SSDEEP
  
  786432:57r3dPKRJvrHiRyc0eacOHzeMKVxzx5c6OHzeMKVxzx5cU5FpYQiln3p:5FQJvrHLc0eacOHzDCd5c6OHzDCd5cUM
Score

10^/10

asyncrat def rat
- AsyncRat
  AsyncRAT is designed to remotely monitor and control other computers written in C#.
  rat asyncrat
- Async RAT payload
  rat
- Downloads MZ/PE file
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Loads dropped DLL
- Legitimate hosting services abused for malware hosting/C2
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
behavioral1 behavioral2
- Target
  
  extend.pyc
- Size
  
  71KB
- MD5
  
  8692107da56c59eebf7a7d1180635734
- SHA1
  
  f0497d53f859a7c9c89a7d67c6f12db348d21d27
- SHA256
  
  dd3779c087706c054a6da213ada0c3f7e31f047719386b59bb125e9826a442e1
- SHA512
  
  28de43fe0de6d411b5d99e1e10c033ea881da9e6c5ee843ff4b9ac3676f8566df8e295d2ce331ede7b2d5de9af73d047dd57d4cde68fe3930ea7cbb7d7553fe3
- SSDEEP
  
  1536:CGX4Z6x28DEo3zZUdWTFc9a3OWYE9rQwvyNhi:NWto3mduFc9a3OW1UwvyNhi
Score

3^/10
behavioral3 behavioral4

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Web Service

Impact

Resource Development

Reconnaissance

Tasks

static1

behavioral1

behavioral2

behavioral3

behavioral4

© 2018-2024

Terms | Privacy