asyncrat

Sharing

Copy URL

Twitter E-mail

General

Target

einladen.zip
Size

3.7MB
Sample

240105-n4w8ssccg4
MD5

90a735776390749af61eff3b75335535
SHA1

512cacfe356a75ff3ca075d7bb06262335e8b4ad
SHA256

e443ab70ff3e4c6a296bbfda092423005ffb3c011d1a0ab21a3cc9a49842c455
SHA512

0d6d01f3196b91928051f6716f8b2313c88f03080f2d7b10f16bd5f91473fe8881c3e61094dcf26e1b134609a9a593ab74dc59e50abb4e2c498a13750591666d
SSDEEP

49152:NQLPaUyrMv8Q6aPn5AORMRBKzCzwJLbPb3V/KkhsbTLvX+HUNgLhqId:NQL4r65rRMIgQbPJT2PL/wUsqId

Score

10^/10

Malware Config

Extracted

Family

asyncrat

Version

false

Botnet

Default

Mutex

test

Attributes

delay
3
install
false
install_file
Apple-iTunes.exe
install_folder
%AppData%

aes.plain

Targets

- Target
  
  AppVIsvSubsystems64.dll
- Size
  
  2KB
- MD5
  
  4f744666d2a2dc95419208c61e42f163
- SHA1
  
  34712624aadd053f43703af860fe90e545bf1f0a
- SHA256
  
  4da57027ffe7e32c891334d6834923bc17e4174c53ace4ff69de6410c24d84cb
- SHA512
  
  e4a98c418cee32c5970d29729d0e8f4064ce30a47a8f1f076ab0e869b0ef618f7e6aac3859acc02b887b5a47b69f3d8f43561d68740491bdfea729049cf748fc
Score

1^/10
behavioral1
- Target
  
  EmpireClient.exe
- Size
  
  61KB
- MD5
  
  e81f079235a75b064ea503d86251f9f2
- SHA1
  
  88b32ea430b21428ea64955a43f45665aac7955d
- SHA256
  
  db84db8c5d76f6001d5503e8e4b16cdd3446d5535c45bbb0fca76cfec40f37cc
- SHA512
  
  e588d689c3f7ef0384f115aca0638618b267837a88ffa8c5eb2983d81f03240ad42bd12695f4e81c1617fac86f0563d44ba4fc8070b7c1b110292607eafe26c4
- SSDEEP
  
  1536:iEOmtRpMee5fZeidiaDpbfod+PvRupWN34t0Kf+:bzpMKidZpbfFP5uk5gNm
Score

10^/10

asyncrat default rat
- AsyncRat
  AsyncRAT is designed to remotely monitor and control other computers written in C#.
  rat asyncrat
- Async RAT payload
  rat
behavioral2
- Target
  
  Invitation.pdf
- Size
  
  24KB
- MD5
  
  dfbdd308e22898f680b6c2c8eb052fb5
- SHA1
  
  fdc29d3caac12ab8978761bd4bbbd5a13158cee9
- SHA256
  
  19442634bc2e0bfa6d08b7be333a351b932a517a1002c0e1c49fea8381372a6e
- SHA512
  
  d6857f3005dfa1d6d7e18b5826ea842181a5727da576e5e2c939013e610d00fd0ce0843503484f02c596b3998fa91740258552f1fbb9fc2fdb5bd27db3d74100
- SSDEEP
  
  768:HDiJcwcXnwXjzHiVXwna4ixDloMv0LpxBYS0rWzB:jKcrXnSjytJHcFxBgrWzB
Score

1^/10
behavioral3
- Target
  
  Invitation_Farewell_DE_EMB.hta
- Size
  
  294KB
- MD5
  
  d67f83dcda6d01bedf08a51df7415d14
- SHA1
  
  edb0330dfbce0ef6806cc604a4582c7ea5c350e5
- SHA256
  
  044c42788cfe2b14b5bd3ff6e51f3b1e10983be1a3641165f10a1a3c8d9b2eb0
- SHA512
  
  cd315358aae8546f00b8becd6e668f67cc6fc4e338497aed341f8ee12d6b48c3baa5d1d01dba2a295cfa8292229bea19fc1887154ede3ccdcf1a393f6313f314
- SSDEEP
  
  1536:WuCDtBieTX2HR554VnFZBCgUDRCRRRRRRRRRRRRRRRRRCxRRRRRRRRhtRRRRRRRM:2
Score

7^/10
- Executes dropped EXE
- Loads dropped DLL
behavioral4
- Target
  
  Invitation_Farewell_DE_EMB.zip
- Size
  
  81KB
- MD5
  
  d6986d991c41afcc2e71fc30bde851d1
- SHA1
  
  7b49ea968485bb0e60bf3b55ecf499b5004e2d4e
- SHA256
  
  5d4bf026fad40979541efd2419ec0b042c8cf83bc1a61cbcc069efe0069ccd27
- SHA512
  
  7e82a4b7cd95fe405ebad8d0b7cdffd24c8f794b89be76b8a39891c93af4de2100c7dcae92a4dbaf0e4ba92e8fb22cf758f789d21bb0824599748106c2db5638
- SSDEEP
  
  1536:e9IrdWGOphO5jKVxRELf/vBEbA43/Ip9FZPnI4DrAliqhdsesKLtu6Iu4:66dj8sQw3fGApNXmxsess06Iu4
Score

1^/10
behavioral5
- Target
  
  Invitation_Farewell_DE_EMB.hta
- Size
  
  294KB
- MD5
  
  d67f83dcda6d01bedf08a51df7415d14
- SHA1
  
  edb0330dfbce0ef6806cc604a4582c7ea5c350e5
- SHA256
  
  044c42788cfe2b14b5bd3ff6e51f3b1e10983be1a3641165f10a1a3c8d9b2eb0
- SHA512
  
  cd315358aae8546f00b8becd6e668f67cc6fc4e338497aed341f8ee12d6b48c3baa5d1d01dba2a295cfa8292229bea19fc1887154ede3ccdcf1a393f6313f314
- SSDEEP
  
  1536:WuCDtBieTX2HR554VnFZBCgUDRCRRRRRRRRRRRRRRRRRCxRRRRRRRRhtRRRRRRRM:2
Score

7^/10
- Executes dropped EXE
- Loads dropped DLL
behavioral6
- Target
  
  Logfile.PML
- Size
  
  14.6MB
- MD5
  
  07a4675944bd94f253b980876250a122
- SHA1
  
  0711c3ded30f2bc9ed92247a615c797ae8c4a6b6
- SHA256
  
  96d36b06d2d144ea73e184a020ecebba9f72e2797ae583902fdf960aa41bf582
- SHA512
  
  5efb40dac9d89d382107f5bc149a79ae60bb30535ac429f9c22f404ba24e016bae6f0f11db91dd923595b3c3d543cf03ad4e6a507c010b62a924ab7c7316d126
- SSDEEP
  
  49152:j6jZNR/H2x44+ecLefFJTW5ryTLba0TeaTqZt6abbfxGQB6TBVsd:j6jZNR/e44JVTW5ryT8bZGQgTBWd
Score

1^/10
behavioral7
- Target
  
  downloader.html
- Size
  
  293KB
- MD5
  
  5ebb7f4444f79a0f1fc54e3644ea4809
- SHA1
  
  57f05fb36a4b1d44b3cc7d9f39b4d46319f49f8b
- SHA256
  
  e88b8e144c4504e3ea16b829508edaf15b1292681618468cd87d467e9a446402
- SHA512
  
  18d98708d4442e92e48606e803bd890be7ee211a31b31eeb5828d82aac8adab85d7c42672adc1806f987ec03b72507fde109ae247691773f70c80fa8de08c477
- SSDEEP
  
  1536:M0rMU2tiqxQk8H74Zbv9C0SVkC+OijAcnIflXjK95bmngyc0We9T4Axy0Iozs2DR:d
Score

1^/10
behavioral8
- Target
  
  mso.dll
- Size
  
  32KB
- MD5
  
  0be11b4f34ede748892ea49e473d82db
- SHA1
  
  15d9b5a0d442e9dccf1e0f0ded34f7b6014c47b6
- SHA256
  
  ae79aa17e6f3cc8e816e32335738b61b343e78c20abb8ae044adfeac5d97bf70
- SHA512
  
  79438ae155cf84332f4bab7e599f9d417ebfd655b6f516efd53c9496681f98b5444abd37ccb85094f6c02184a7b6234291555589819e19ca470490dab18787d9
- SSDEEP
  
  384:89IG7pXpzg6UQ60sGae6ESoojU0TVQOpSciVY62MpUIWKL8EgGJONYebWTrJujzo:8VtkdXe6MGvQpxVYfMKyeGJ6fyU
Score

1^/10
behavioral9
- Target
  
  msoev.exe
- Size
  
  58KB
- MD5
  
  3a3ae35e1bfeff68ed9748c801ed0809
- SHA1
  
  7e8e41d0d0a854e5454d5d7a1a8a094b54d31a8b
- SHA256
  
  06cea3a5ef9641bea4704e9f6d2ed13286f9e5ec7ab43f8067f15b5a41053d33
- SHA512
  
  b70a7650b79ffcf72377e89e016905a296c8e1e46a8f0066970e2069b32988bf6019ed742d03bc18cbbdf76e29889538810fa84e11790c9bd626d3f6fb1a54cc
- SSDEEP
  
  768:vS9j5z3Zh1ZwpUBhCrVPv4D92CKMzA8x9zS/Rtox9zqcCo:v05Fh1ZBhCJPQDgCKMzA8jzSZtojzqNo
Score

5^/10
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
behavioral10
- Target
  
  msoev.pcapng
- Size
  
  52KB
- MD5
  
  aad393478839f2d716c857410506801d
- SHA1
  
  8e6924276351db7f524fba8d60d33d6d4799ffde
- SHA256
  
  839e87860b2393365fe7f461d905ff997278c01538d784768d376db598c5d741
- SHA512
  
  c271f0e39709eba7da51f45a40ad77dfc026d60f04cfd2df0b3fa7c59662536c9aa0327dd2372a8aaa2c17d645d1852848930e2263255aeb07d390c2a3641bf3
- SSDEEP
  
  384:8wpdldC3rj0F6HdDAYA8keWuWkeq7bLEaDrrT8R9IMjF+XjsmaFJ27nczyXH9n8L:1IHx9pZWGl8R9I6MfPH9nU8tg
Score

3^/10
behavioral11
- Target
  
  sheet.hta
- Size
  
  2.7MB
- MD5
  
  2c3231b88b767d7d01eefbd05868b3a8
- SHA1
  
  9ffee579e27f7e658a2f8130d853d34e773a9c28
- SHA256
  
  90f54fa2d59842359840b4dff68127bfe0a1f34fe88c0079fe516c9119ffc90d
- SHA512
  
  052ffe6578417bf34c1e8d621044ccefa5ab0d97b7dfeada077fd3af752a6c679bb4b708bdd3132bb9d3721fa2c4e9b97e5688ec822c737bdff42d2329517db8
- SSDEEP
  
  24576:zNAAb8qgTiiPJQ7ATsutd+6ZTE814Az4wm8fzBXokSGikMaLch3RGW1a37D:BymqS7AW8TEzcFSlDhRJ8
Score

1^/10
behavioral12
- Target
  
  unc.js
- Size
  
  173KB
- MD5
  
  83bd20c01e9d54dc72a7cf9e8671592f
- SHA1
  
  78d4054d7323f7caa9bb132d95ce9b1c735ff897
- SHA256
  
  1754dd14b25884fb4c7fc1663cb56a8c169efdd59e173aa1573cd24eda21c393
- SHA512
  
  9f718baf971ef67be3a5263708353a34efe9d212c48a9ad3da9d067e1fc2778654bd695fd950f18d29b738ffc3b0780dca58ff739e3212130e28ab4092b21bef
- SSDEEP
  
  3072:VKTGXlG2ZMXXr7iP+C+AYRXCVu1zNwcv9qBy1HOg8SMpQ47GKr:VKp3aP+C+AYP1zWi9qgsgUpQ47GKr
Score

10^/10

asyncrat default rat
- AsyncRat
  AsyncRAT is designed to remotely monitor and control other computers written in C#.
  rat asyncrat
- Async RAT payload
  rat
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Loads dropped DLL
behavioral13

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

Sharing

General

Malware Config

Extracted

Targets

Async RAT payload

Executes dropped EXE

Loads dropped DLL

Executes dropped EXE

Loads dropped DLL

Checks computer location settings

AsyncRat

Async RAT payload

Checks computer location settings

Loads dropped DLL

MITRE ATT&CK Enterprise v15

Tasks

static1

behavioral1

behavioral2

behavioral3

behavioral4

behavioral5

behavioral6

behavioral7

behavioral8

behavioral9

behavioral10

behavioral11

behavioral12

behavioral13