asyncrat | e593bbbea1e480fdd8018bdaf481ef9f76f6b7c8cf783603164633bb0f8b2979 | Triage

Submit
Reports

Overview

overview

Static

static

3

dridex

windows10-1703-x64

Sharing

General

Target

e593bbbea1e480fdd8018bdaf481ef9f76f6b7c8cf783603164633bb0f8b2979
Size

5KB
Sample

231208-h3jcnahg34
MD5

35beb6bfc19b4f3f1a0163f52870394a
SHA1

211362d1784343a46988ca4eae79bb6d99d68d0b
SHA256

e593bbbea1e480fdd8018bdaf481ef9f76f6b7c8cf783603164633bb0f8b2979
SHA512

bd4dc84de924069bf0adc12136badba67c89af49bbe1692631f25c674bce0f2e33c49820f72da019b0a28fe5ab646a438371458ddfe3ddde722b7438f0c86b77
SSDEEP

96:Ende79bSCbn4KLZDe5RuNDZPgDtENtUqwUNGOuKGd3ojfrl:WO9bZbn4KLZD+0NDZcSNtUqwUgiGdS

Score

10^/10

asyncrat zgrat winlozb rat

Static task

static1

1 signatures

Behavioral task

behavioral1

Sample

e593bbbea1e480fdd8018bdaf481ef9f76f6b7c8cf783603164633bb0f8b2979.exe

Resource

win10-20231129-en

asyncrat zgrat winlozb rat

windows10-1703-x64

12 signatures

150 seconds

Malware Config

Extracted

Family

asyncrat

Version

0.5.7B

Botnet

Winlozb

C2

46.1.103.124:2341

Mutex

Winlozb

Attributes

delay
3
install
false
install_file
Winlogzb
install_folder
%AppData%

aes.plain

Targets

- Target
  
  e593bbbea1e480fdd8018bdaf481ef9f76f6b7c8cf783603164633bb0f8b2979
- Size
  
  5KB
- MD5
  
  35beb6bfc19b4f3f1a0163f52870394a
- SHA1
  
  211362d1784343a46988ca4eae79bb6d99d68d0b
- SHA256
  
  e593bbbea1e480fdd8018bdaf481ef9f76f6b7c8cf783603164633bb0f8b2979
- SHA512
  
  bd4dc84de924069bf0adc12136badba67c89af49bbe1692631f25c674bce0f2e33c49820f72da019b0a28fe5ab646a438371458ddfe3ddde722b7438f0c86b77
- SSDEEP
  
  96:Ende79bSCbn4KLZDe5RuNDZPgDtENtUqwUNGOuKGd3ojfrl:WO9bZbn4KLZD+0NDZcSNtUqwUgiGdS
Score

10^/10

asyncrat zgrat winlozb rat
- AsyncRat
  AsyncRAT is designed to remotely monitor and control other computers written in C#.
  rat asyncrat
- Detect ZGRat V1
- ZGRat
  ZGRat is remote access trojan written in C#.
  rat zgrat
- Async RAT payload
  rat
- Blocklisted process makes network request
- Downloads MZ/PE file
- Executes dropped EXE
- Suspicious use of SetThreadContext
behavioral1

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

asyncratzgratwinlozbrat

© 2018-2024

Terms | Privacy