asyncrat | 0430110381976669226247e7c5403ac61f4d419c7fa223231ce5c9af7cd3bbf1 | Triage

Submit
Reports

Overview

overview

Static

static

1

54c5be1e20...84.exe

windows7-x64

54c5be1e20...84.exe

windows10-2004-x64

Sharing

General

Target

54c5be1e2056c9d591b7e35853ca4a84
Size

585KB
Sample

240111-2lhjksaff4
MD5

54c5be1e2056c9d591b7e35853ca4a84
SHA1

c00bd4d0c3b6060dde5095c4c6938badf1b29eda
SHA256

0430110381976669226247e7c5403ac61f4d419c7fa223231ce5c9af7cd3bbf1
SHA512

8d6e219729f8a981c94b7e8d7b5f2bf764367b096381abaa3033171c590587b00ced309e641a9955f60c3836fc366c91bfd90414216373cd91e66ab2f24a4c75
SSDEEP

6144:5jrbYSqQ/Gq/lqLrBOOfd0tV9D8DT/XELB:5nb/xq0V9ATfWB

Score

10^/10

asyncrat wire$$$$$$$$rat

Static task

static1

Behavioral task

behavioral1

Sample

54c5be1e2056c9d591b7e35853ca4a84.exe

Resource

win7-20231215-en

asyncrat wire$$$$$$$$rat

windows7-x64

12 signatures

150 seconds

Behavioral task

behavioral2

Sample

54c5be1e2056c9d591b7e35853ca4a84.exe

Resource

win10v2004-20231215-en

asyncrat wire$$$$$$$$rat

windows10-2004-x64

12 signatures

150 seconds

Malware Config

Extracted

Family

asyncrat

Version

0.5.7B

Botnet

WIRE$$$$$$$$

C2

severdops.ddns.net:6204

Mutex

AsyncMutex_6SI8OkPnk

Attributes

delay
3
install
true
install_file
iconfx.exe
install_folder
%AppData%

aes.plain

Targets

- Target
  
  54c5be1e2056c9d591b7e35853ca4a84
- Size
  
  585KB
- MD5
  
  54c5be1e2056c9d591b7e35853ca4a84
- SHA1
  
  c00bd4d0c3b6060dde5095c4c6938badf1b29eda
- SHA256
  
  0430110381976669226247e7c5403ac61f4d419c7fa223231ce5c9af7cd3bbf1
- SHA512
  
  8d6e219729f8a981c94b7e8d7b5f2bf764367b096381abaa3033171c590587b00ced309e641a9955f60c3836fc366c91bfd90414216373cd91e66ab2f24a4c75
- SSDEEP
  
  6144:5jrbYSqQ/Gq/lqLrBOOfd0tV9D8DT/XELB:5nb/xq0V9ATfWB
Score

10^/10

asyncrat wire$$$$$$$$rat
- AsyncRat
  AsyncRAT is designed to remotely monitor and control other computers written in C#.
  rat asyncrat
- Async RAT payload
  rat
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Scheduled Task/Job

Persistence

Scheduled Task/Job

Privilege Escalation

Scheduled Task/Job

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Tasks

static1

behavioral1

asyncratwire$$$$$$$$rat

behavioral2

asyncratwire$$$$$$$$rat

© 2018-2024

Terms | Privacy