asyncrat

General

Target

Setup Downloader.zip
Size

4KB
Sample

240123-2slvkscbb4
MD5

704c156226894a4584e767ea51c35ddd
SHA1

648bf8b817cf412f626dbf100e2e2c2a19b16013
SHA256

6cac585ae54b57f55733ac48d8589591b1c39c2275a4ad3b340cf61068f0ecb8
SHA512

23f460871b7a1ba4e809d7ceb310d181f010408457451c8bcd6561b0f193c17725d3dac0d4721dae39a2003c89c4943b7db48c18bdb8f91ff6208dd086101c12
SSDEEP

96:aSfd8hcsTZKP1qiJn46vGM5sXkMVijOJ5hTmT+31+1J1p1nWWjRnN:Dfdy8qg46vGMekeijOJrFQV0WjRnN

Score

10^/10

Malware Config

Extracted

Family

redline

Botnet

@PixelsCloud

C2

94.156.67.176:13781

Extracted

Family

fabookie

C2

http://app.alie3ksgaa.com/check/safe

Extracted

Family

redline

Botnet

@Pixelscloud

C2

94.156.66.203:13781

Extracted

Family

redline

Botnet

LiveTraffic

C2

20.113.35.45:38357

Targets

- Target
  
  Setup Downloader.zip
- Size
  
  4KB
- MD5
  
  704c156226894a4584e767ea51c35ddd
- SHA1
  
  648bf8b817cf412f626dbf100e2e2c2a19b16013
- SHA256
  
  6cac585ae54b57f55733ac48d8589591b1c39c2275a4ad3b340cf61068f0ecb8
- SHA512
  
  23f460871b7a1ba4e809d7ceb310d181f010408457451c8bcd6561b0f193c17725d3dac0d4721dae39a2003c89c4943b7db48c18bdb8f91ff6208dd086101c12
- SSDEEP
  
  96:aSfd8hcsTZKP1qiJn46vGM5sXkMVijOJ5hTmT+31+1J1p1nWWjRnN:Dfdy8qg46vGMekeijOJrFQV0WjRnN
Score

1^/10
behavioral1
- Target
  
  Setup.exe
- Size
  
  12KB
- MD5
  
  a14e63d27e1ac1df185fa062103aa9aa
- SHA1
  
  2b64c35e4eff4a43ab6928979b6093b95f9fd714
- SHA256
  
  dda39f19837168845de33959de34bcfb7ee7f3a29ae55c9fa7f4cb12cb27f453
- SHA512
  
  10418efcce2970dcdbef1950464c4001753fccb436f4e8ba5f08f0d4d5c9b4a22a48f2803e59421b720393d84cfabd338497c0bc77cdd4548990930b9c350082
- SSDEEP
  
  192:brl2reIazGejA7HhdSbw/z1ULU87glpK/b26J4S1Xu85:b52r+xjALhMWULU870gJJ
Score

10^/10

asyncrat fabookie redline risepro sectoprat xworm zgrat @pixelscloud livetraffic discovery evasion infostealer persistence rat spyware stealer themida trojan upx
- AsyncRat
  AsyncRAT is designed to remotely monitor and control other computers written in C#.
  rat asyncrat
- Detect Fabookie payload
- Detect Xworm Payload
- Detect ZGRat V1
- Fabookie
  Fabookie is facebook account info stealer.
  spyware stealer fabookie
- RedLine
  RedLine Stealer is a malware family written in C#, first appearing in early 2020.
  infostealer redline
- RedLine payload
- RisePro
  RisePro stealer is an infostealer distributed by PrivateLoader.
  stealer risepro
- SectopRAT
  SectopRAT is a remote access trojan first seen in November 2019.
  trojan rat sectoprat
- SectopRAT payload
- Xworm
  Xworm is a remote access trojan written in C#.
  trojan rat xworm
- ZGRat
  ZGRat is remote access trojan written in C#.
  rat zgrat
- Async RAT payload
  rat
- Creates new service(s)
  persistence
- Downloads MZ/PE file
- Stops running service(s)
  evasion
- .NET Reactor proctector
  Detects an executable protected by an unregistered version of Eziriz's .NET Reactor.
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Modifies file permissions
  discovery
- Themida packer
  Detects Themida, an advanced Windows software protection system.
  themida
- UPX packed file
  Detects executables packed with UPX/modified UPX open source packer.
  upx
- Unexpected DNS network traffic destination
  Network traffic to other servers than the configured DNS servers was detected on the DNS port.
- Legitimate hosting services abused for malware hosting/C2
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
- AutoIT Executable
  AutoIT scripts compiled to PE executables.
behavioral2