asyncrat

General

Target

bf4f7264ef324c5c14dccd8679685d3f
Size

749KB
Sample

231228-dtzwtsbbhj
MD5

bf4f7264ef324c5c14dccd8679685d3f
SHA1

055a91cacfa6756ae1bf9d603ddea5e9b1b8f684
SHA256

8fdc412291f33a96a35c93d3d2bf03b338054509cd855f60109809a8e74100fe
SHA512

703b160a1ea781c12540f4bbba970b1d5d60be2bb83b0982cfb7b6e7b0db7d6cd50637c6c5a9cde433dc353f7228d157ec0400789272a47833c3d08438805e90
SSDEEP

12288:nUOTuurJr8VWrdMi4/Bfj+fqQ0eaQWH4X1/t6obHX8Rk+e8MTgtNxtxiF1kgDWS/:jrGVG2ZeaElv8lHz

Score

10^/10

Malware Config

Extracted

Family

azorult

C2

http://aka-mining.com/wordpress@/index.php

Extracted

Family

asyncrat

Version

0.5.7B

Botnet

noip

C2

rocking.ddns.net:55714

Mutex

AsyncMutex_6SI8OkPnk

Attributes

delay
3
install
true
install_file
image.exe
install_folder
%Temp%

aes.plain

Targets

- Target
  
  bf4f7264ef324c5c14dccd8679685d3f
- Size
  
  749KB
- MD5
  
  bf4f7264ef324c5c14dccd8679685d3f
- SHA1
  
  055a91cacfa6756ae1bf9d603ddea5e9b1b8f684
- SHA256
  
  8fdc412291f33a96a35c93d3d2bf03b338054509cd855f60109809a8e74100fe
- SHA512
  
  703b160a1ea781c12540f4bbba970b1d5d60be2bb83b0982cfb7b6e7b0db7d6cd50637c6c5a9cde433dc353f7228d157ec0400789272a47833c3d08438805e90
- SSDEEP
  
  12288:nUOTuurJr8VWrdMi4/Bfj+fqQ0eaQWH4X1/t6obHX8Rk+e8MTgtNxtxiF1kgDWS/:jrGVG2ZeaElv8lHz
Score

10^/10

asyncrat azorult zgrat noip infostealer rat trojan
- AsyncRat
  AsyncRAT is designed to remotely monitor and control other computers written in C#.
  rat asyncrat
- Azorult
  An information stealer that was first discovered in 2016, targeting browsing history and passwords.
  trojan infostealer azorult
- Detect ZGRat V1
- ZGRat
  ZGRat is remote access trojan written in C#.
  rat zgrat
- Async RAT payload
  rat
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Scheduled Task/Job

1

T1053

Persistence

Scheduled Task/Job

1

T1053

Privilege Escalation

Scheduled Task/Job

1

T1053

Defense Evasion

Credential Access

Discovery

System Information Discovery

1

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

Sharing

General

Malware Config

Extracted

Extracted

Targets

Azorult

Detect ZGRat V1

ZGRat

Async RAT payload

Executes dropped EXE

Loads dropped DLL

Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks

static1

behavioral1

behavioral2