asyncrat

General

Target

Lana_Rohder_IMG.zip
Size

322KB
Sample

231122-jq2txabf9x
MD5

25b23a0ded50daca59dae1a708a364bc
SHA1

2e526b866611a6d8650c362aa6fb3a3295c7a699
SHA256

b9a9697b82e9241331c6afe52abb1dd313227c158cc7ffa32ac68c95cd083d28
SHA512

d6ade0f25da9b6e2b0289422c9d2b56c7cbf5307340726c23ecc5d7560400549f3eab67ce0e347ac99141ed72f7a41dc47407b0dabb6a8659857c1e2b10027f1
SSDEEP

6144:M1ZqZy6ZraZWIUVBjpDL5TdivHY7L4eKpDHHV6x85/NRVyMLUVfLIIm3b:MfqZy69LpH5qY34e+nVE85gjpI3b

Score

10^/10

Malware Config

Extracted

Family

asyncrat

Version

1.0.7

Botnet

FUD

C2

141.95.84.40:4291

Mutex

acw2

Attributes

delay
1
install
false
install_folder
%AppData%

aes.plain

Targets

- Target
  
  Lana_Rohder_IMG.zip
- Size
  
  322KB
- MD5
  
  25b23a0ded50daca59dae1a708a364bc
- SHA1
  
  2e526b866611a6d8650c362aa6fb3a3295c7a699
- SHA256
  
  b9a9697b82e9241331c6afe52abb1dd313227c158cc7ffa32ac68c95cd083d28
- SHA512
  
  d6ade0f25da9b6e2b0289422c9d2b56c7cbf5307340726c23ecc5d7560400549f3eab67ce0e347ac99141ed72f7a41dc47407b0dabb6a8659857c1e2b10027f1
- SSDEEP
  
  6144:M1ZqZy6ZraZWIUVBjpDL5TdivHY7L4eKpDHHV6x85/NRVyMLUVfLIIm3b:MfqZy69LpH5qY34e+nVE85gjpI3b
Score

1^/10
behavioral1 behavioral2
- Target
  
  '
- Size
  
  697KB
- MD5
  
  2a21115867353c3cb04732f5b175c1d3
- SHA1
  
  076c30b453a4c7684b116f02dc251b0b48b700f9
- SHA256
  
  5a406f27014327ba0a27040e03e7c106a0db28e11cf55679ef711ad8da09f6b8
- SHA512
  
  2bfd8a6199823a355a0945075334a4541743399503c731175c56b6f34af81cd39151d91d140a67211528e21f799c28d1f362f8e09a101b32552d1bf25738a058
- SSDEEP
  
  12288:m+Ep3f1vWkq0c0hjfkACwsu4Qk/CYaw+EKWM3:m+E7WUEpwsu6/CYT+EKv3
Score

1^/10
behavioral3 behavioral4
- Target
  
  Lana_Rohder_IMG.vbs
- Size
  
  110KB
- MD5
  
  fe59dd4ed289fd64e23704bd445d83c6
- SHA1
  
  895f78cf82753441c83d8acc6028f2af9c9004d2
- SHA256
  
  30d7035471759444c3cc6dc0dcab54245cce7c417382fb56d41d42256dd0c590
- SHA512
  
  475a65b9133f7795cd0df591821cfe2614e5d11e2a947de73fba2dd2dbc02903ffebbf1e4ff3e8f9f680d14e39cb939287f5071a7910d9ff903122bf0c328bf4
- SSDEEP
  
  3072:n03pXdSenFkCum03pvfpp03pp03pp03pA:kSeQr5
Score

10^/10

asyncrat fud persistence rat
- AsyncRat
  AsyncRAT is designed to remotely monitor and control other computers written in C#.
  rat asyncrat
- Async RAT payload
  rat
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Drops startup file
- Loads dropped DLL
- Registers COM server for autorun
  persistence
- Suspicious use of SetThreadContext
behavioral5 behavioral6