asyncrat | 89e2704e3362f2b31c7cfbfdcf6fd540f71d5375612edf318bbca1098da7cbb6 | Triage

Submit
Reports

Overview

overview

Static

static

3

Scan_06192020.exe

windows7-x64

Scan_06192020.exe

windows10-2004-x64

Sharing

General

Target

7fa59a3765d7c03a2e6c51aaac8dbf0b18449625357eae3523a46f048dda6331.zip
Size

113KB
Sample

231213-rd4fzafca2
MD5

ea9897a3d25763fb6d966fa414fd5653
SHA1

176a00b43ac34058ce13c83543c9a18b77f118b1
SHA256

89e2704e3362f2b31c7cfbfdcf6fd540f71d5375612edf318bbca1098da7cbb6
SHA512

bd809a67d7b597335e4ced1b92142097b0a069195c25d07643a14016410aef83ac383c30c44299822e121cbf32a9c81b75da3e859c648d567f46f96f90dc9860
SSDEEP

3072:werjyWSLuEeJbYJ2vBuEk6y6nDdLqU9Zmy0Pln:w+yWYuEUYssV4ZqU9Zmy0dn

Score

10^/10

asyncrat default rat rezer0

Static task

static1

1 signatures

Behavioral task

behavioral1

Sample

Scan_06192020.exe

Resource

win7-20231023-en

asyncrat default rat rezer0

windows7-x64

9 signatures

150 seconds

Behavioral task

behavioral2

Sample

Scan_06192020.exe

Resource

win10v2004-20231127-en

asyncrat default rat rezer0

windows10-2004-x64

8 signatures

150 seconds

Malware Config

Extracted

Family

asyncrat

Version

0.5.7B

Botnet

Default

C2

winx.xcapdatap.capetown:6204

Mutex

AsyncMutex_6SI8OkPnk

Attributes

delay
3
install
false
install_folder
%AppData%

aes.plain

Targets

- Target
  
  Scan_06192020.exe
- Size
  
  154KB
- MD5
  
  10c2b3afaeb7fe450852bb55c08f89d1
- SHA1
  
  ed5a0fbdd1a380bb5738ff3f03ea3f7b851e33e5
- SHA256
  
  847b3580cba59e7f4b453488c263544f3c481027d2ddf4f9f3988d84afc35c85
- SHA512
  
  709c44292e385c684c1af1e18c49a2f7a82b62faa685fe9226609c67d4e885dc5c3f820954c6c9cb0aa2d73de136070cb13b316ad08501bfe2869b577b858bce
- SSDEEP
  
  3072:bqOQcs8pmp5W4J44tDlsAU/UwtRUsUUc2fjRs+DVs+A1+HX5wsOZ4T3EMXckbNGV:bqLl2V7H6sA4bEMXc4VLvTGc
Score

10^/10

asyncrat default rat rezer0
- AsyncRat
  AsyncRAT is designed to remotely monitor and control other computers written in C#.
  rat asyncrat
- Async RAT payload
  rat
- ReZer0 packer
  Detects ReZer0, a packer with multiple versions used in various campaigns.
  rezer0
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Scheduled Task/Job

Persistence

Scheduled Task/Job

Privilege Escalation

Scheduled Task/Job

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Tasks

static1

behavioral1

asyncratdefaultratrezer0

behavioral2

asyncratdefaultratrezer0

© 2018-2024

Terms | Privacy