asyncrat | 8d7c354cc8866c00da25ffb73d535596f4f77ca8ce7c0312bd39db103aa3403c | Triage

Submit
Reports

Overview

overview

Static

static

3

23941d1204...43.exe

windows7-x64

23941d1204...43.exe

windows10-2004-x64

Sharing

General

Target

23941d12046f5a430d4ea87494091743
Size

452KB
Sample

231225-q9fjcaffb3
MD5

23941d12046f5a430d4ea87494091743
SHA1

476fcec06271d128340b5e0190647cd6484c6673
SHA256

8d7c354cc8866c00da25ffb73d535596f4f77ca8ce7c0312bd39db103aa3403c
SHA512

1f2bd49c21a953e53de0890c45feec71b0aa02c0d7caef875e0bc9ff30863199ffc39dac3f6721e84a7829483457ebc05ddfa7587ac701568b5f89194352bf86
SSDEEP

12288:JBuaG/EM0/3YM0zEYQOE9EVSb0FEs2c/ATcqSqQIn:7uaGbqQ4b0550cSJ

Score

10^/10

asyncrat azorult zgrat default infostealer persistence rat trojan

Static task

static1

1 signatures

Behavioral task

behavioral1

Sample

23941d12046f5a430d4ea87494091743.exe

Resource

win7-20231215-en

asyncrat zgrat default rat

windows7-x64

6 signatures

150 seconds

Behavioral task

behavioral2

Sample

23941d12046f5a430d4ea87494091743.exe

Resource

win10v2004-20231215-en

asyncrat azorult zgrat default infostealer persistence rat trojan

windows10-2004-x64

15 signatures

150 seconds

Malware Config

Extracted

Family

asyncrat

Version

0.5.7B

Botnet

Default

C2

gpmaw.duckdns.org:3040

gpmaw.duckdns.org:2020

gpmaw.duckdns.org:4040

hpdndbnb.duckdns.org:3040

hpdndbnb.duckdns.org:2020

hpdndbnb.duckdns.org:4040

Mutex

AsyncMutex_6SI8OkPnk

Attributes

delay
3
install
false
install_file
Acrobat Reader .exe
install_folder
%AppData%

aes.plain

Extracted

Family

azorult

C2

http://truthbetoldlvlup.onlinewebshop.net/mf/index.php

Targets

- Target
  
  23941d12046f5a430d4ea87494091743
- Size
  
  452KB
- MD5
  
  23941d12046f5a430d4ea87494091743
- SHA1
  
  476fcec06271d128340b5e0190647cd6484c6673
- SHA256
  
  8d7c354cc8866c00da25ffb73d535596f4f77ca8ce7c0312bd39db103aa3403c
- SHA512
  
  1f2bd49c21a953e53de0890c45feec71b0aa02c0d7caef875e0bc9ff30863199ffc39dac3f6721e84a7829483457ebc05ddfa7587ac701568b5f89194352bf86
- SSDEEP
  
  12288:JBuaG/EM0/3YM0zEYQOE9EVSb0FEs2c/ATcqSqQIn:7uaGbqQ4b0550cSJ
Score

10^/10

asyncrat zgrat default rat azorult infostealer persistence trojan
- AsyncRat
  AsyncRAT is designed to remotely monitor and control other computers written in C#.
  rat asyncrat
- Azorult
  An information stealer that was first discovered in 2016, targeting browsing history and passwords.
  trojan infostealer azorult
- Detect ZGRat V1
- Modifies WinLogon for persistence
  persistence
- ZGRat
  ZGRat is remote access trojan written in C#.
  rat zgrat
- Async RAT payload
  rat
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Winlogon Helper DLL

Privilege Escalation

Boot or Logon Autostart Execution

Winlogon Helper DLL

Defense Evasion

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

asyncratzgratdefaultrat

behavioral2

asyncratazorultzgratdefaultinfostealerpersistencerattrojan

© 2018-2024

Terms | Privacy