asyncrat | a5b7a0f311693383814b25bbc0779e9a3fd4c56fb5d0aef6af3e4ff49926b6e2 | Triage

Submit
Reports

Overview

overview

Static

static

4F67BD027C...03.exe

windows7-x64

4F67BD027C...03.exe

windows10-2004-x64

Sharing

General

Target

4F67BD027CBC6AE58D42777050C8F103.exe
Size

100KB
Sample

231206-vq77gaah57
MD5

4f67bd027cbc6ae58d42777050c8f103
SHA1

12c402049cb4a6f92d5c00cc5cc926a15763df88
SHA256

a5b7a0f311693383814b25bbc0779e9a3fd4c56fb5d0aef6af3e4ff49926b6e2
SHA512

6efcc23e9b6abb0943a513de153744fb97fc923d87c4b392d0a2514fb85190a38479c99a85cef00c38b4663984e0fcfee40bbacbffb72482f072cd0167c48a38
SSDEEP

3072:hugTTcIb25skDy3bCinN90uHQbPRyZ2pPYjq:hugZK5O3bxzD8AZ2j

Score

10^/10

asyncrat zgrat github pyinstaller rat spyware stealer upx

Static task

static1

rat github asyncrat

3 signatures

Behavioral task

behavioral1

Sample

4F67BD027CBC6AE58D42777050C8F103.exe

Resource

win7-20231201-en

asyncrat zgrat github pyinstaller rat spyware stealer upx

windows7-x64

15 signatures

150 seconds

Behavioral task

behavioral2

Sample

4F67BD027CBC6AE58D42777050C8F103.exe

Resource

win10v2004-20231127-en

asyncrat zgrat github pyinstaller rat spyware stealer upx

windows10-2004-x64

19 signatures

150 seconds

Malware Config

Extracted

Family

asyncrat

Version

0.5.8

Botnet

github

C2

trbe.mentality.cloud:6606

trbe.mentality.cloud:7707

trbe.mentality.cloud:8808

Mutex

KAtgcMRAwDz0

Attributes

delay
3
install
true
install_file
Printer.exe
install_folder
%Temp%

aes.plain

Targets

- Target
  
  4F67BD027CBC6AE58D42777050C8F103.exe
- Size
  
  100KB
- MD5
  
  4f67bd027cbc6ae58d42777050c8f103
- SHA1
  
  12c402049cb4a6f92d5c00cc5cc926a15763df88
- SHA256
  
  a5b7a0f311693383814b25bbc0779e9a3fd4c56fb5d0aef6af3e4ff49926b6e2
- SHA512
  
  6efcc23e9b6abb0943a513de153744fb97fc923d87c4b392d0a2514fb85190a38479c99a85cef00c38b4663984e0fcfee40bbacbffb72482f072cd0167c48a38
- SSDEEP
  
  3072:hugTTcIb25skDy3bCinN90uHQbPRyZ2pPYjq:hugZK5O3bxzD8AZ2j
Score

10^/10

asyncrat zgrat github pyinstaller rat spyware stealer upx
- AsyncRat
  AsyncRAT is designed to remotely monitor and control other computers written in C#.
  rat asyncrat
- Detect ZGRat V1
- ZGRat
  ZGRat is remote access trojan written in C#.
  rat zgrat
- Async RAT payload
  rat
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Loads dropped DLL
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- UPX packed file
  Detects executables packed with UPX/modified UPX open source packer.
  upx
- Legitimate hosting services abused for malware hosting/C2
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Scheduled Task/Job

Persistence

Scheduled Task/Job

Privilege Escalation

Scheduled Task/Job

Defense Evasion

Credential Access

Unsecured Credentials

Credentials In Files

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Data from Local System

Exfiltration

Command and Control

Web Service

Impact

Resource Development

Reconnaissance

Tasks

static1

ratgithubasyncrat

behavioral1

asyncratzgratgithubpyinstallerratspywarestealerupx

behavioral2

asyncratzgratgithubpyinstallerratspywarestealerupx

© 2018-2024

Terms | Privacy