asyncrat | e7c7270706fd08006d6a5c4dcf5ba4f127373c33a856f5d40563ddd4627ac803 | Triage

Submit
Reports

Overview

overview

Static

static

3

68f66a98a0...c3.exe

windows7-x64

68f66a98a0...c3.exe

windows10-2004-x64

Sharing

General

Target

68f66a98a0455e5795c576e39ac1d4c3
Size

824KB
Sample

240119-3z6n1agde3
MD5

68f66a98a0455e5795c576e39ac1d4c3
SHA1

0ebb63db3e53efe202d280426d899625760474a1
SHA256

e7c7270706fd08006d6a5c4dcf5ba4f127373c33a856f5d40563ddd4627ac803
SHA512

2da88a9e5ce9e40b775fe90e181b80ac1e8d29e1894fd96619fb31a6cccf5d65cb7e8a815b6475243f074291c109542d0a86f1af07632b1b47b0091d41886f35
SSDEEP

12288:xM8wyXeZv9NzhRo9HjHJiSQ90oRWybuMj4RJT3QG+mRHpqApXiW6PVaICPCSP7oy:K838W7Z/rX0l/

Score

10^/10

asyncrat azorult zgrat noip infostealer rat trojan

Static task

static1

1 signatures

Behavioral task

behavioral1

Sample

68f66a98a0455e5795c576e39ac1d4c3.exe

Resource

win7-20231215-en

asyncrat azorult zgrat noip infostealer rat trojan

windows7-x64

15 signatures

150 seconds

Behavioral task

behavioral2

Sample

68f66a98a0455e5795c576e39ac1d4c3.exe

Resource

win10v2004-20231215-en

asyncrat azorult zgrat noip infostealer rat trojan

windows10-2004-x64

16 signatures

150 seconds

Malware Config

Extracted

Family

azorult

C2

http://aka-mining.com/wordpress@/index.php

Extracted

Family

asyncrat

Version

0.5.7B

Botnet

noip

C2

rocking.ddns.net:55714

Mutex

AsyncMutex_6SI8OkPnk

Attributes

delay
3
install
true
install_file
image.exe
install_folder
%Temp%

aes.plain

Targets

- Target
  
  68f66a98a0455e5795c576e39ac1d4c3
- Size
  
  824KB
- MD5
  
  68f66a98a0455e5795c576e39ac1d4c3
- SHA1
  
  0ebb63db3e53efe202d280426d899625760474a1
- SHA256
  
  e7c7270706fd08006d6a5c4dcf5ba4f127373c33a856f5d40563ddd4627ac803
- SHA512
  
  2da88a9e5ce9e40b775fe90e181b80ac1e8d29e1894fd96619fb31a6cccf5d65cb7e8a815b6475243f074291c109542d0a86f1af07632b1b47b0091d41886f35
- SSDEEP
  
  12288:xM8wyXeZv9NzhRo9HjHJiSQ90oRWybuMj4RJT3QG+mRHpqApXiW6PVaICPCSP7oy:K838W7Z/rX0l/
Score

10^/10

asyncrat azorult zgrat noip infostealer rat trojan
- AsyncRat
  AsyncRAT is designed to remotely monitor and control other computers written in C#.
  rat asyncrat
- Azorult
  An information stealer that was first discovered in 2016, targeting browsing history and passwords.
  trojan infostealer azorult
- Detect ZGRat V1
- ZGRat
  ZGRat is remote access trojan written in C#.
  rat zgrat
- Async RAT payload
  rat
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Scheduled Task/Job

Persistence

Scheduled Task/Job

Privilege Escalation

Scheduled Task/Job

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

asyncratazorultzgratnoipinfostealerrattrojan

behavioral2

asyncratazorultzgratnoipinfostealerrattrojan

© 2018-2024

Terms | Privacy