asyncrat | 1714faef50d0127645ce3540480623cf619f9b10c0364c67ca22db0f604e2381 | Triage

Submit
Reports

Overview

overview

Static

static

3

INQUIRYs#3....e.exe

windows7-x64

INQUIRYs#3....e.exe

windows10-2004-x64

Sharing

General

Target

INQUIRYs#37567JAN2024NEWORDERMATERIALSPRODs.e.exe
Size

542KB
Sample

240123-n31jtsafd3
MD5

0b97309812b9b2941e5512e12095960e
SHA1

8fc625372ccea9b23c3c3585e1a86a06479eb630
SHA256

1714faef50d0127645ce3540480623cf619f9b10c0364c67ca22db0f604e2381
SHA512

8f0568c9cea86cd33c089ec6f9f32581563d03edbc5ab9a82fd83b81c57ecd4556248a58d40dd315732187a213218a5a4e0af458aec0bde4a6b647b906dfa65b
SSDEEP

12288:eP7R2iNPBJI3AZp/UurrtqinZfTLatVX2wGlY:MV1xuAPH3A6natVX2wG

Score

10^/10

asyncrat default rat

Static task

static1

1 signatures

Behavioral task

behavioral1

Sample

INQUIRYs#37567JAN2024NEWORDERMATERIALSPRODs.e.exe

Resource

win7-20231129-en

asyncrat default rat

windows7-x64

11 signatures

150 seconds

Behavioral task

behavioral2

Sample

INQUIRYs#37567JAN2024NEWORDERMATERIALSPRODs.e.exe

Resource

win10v2004-20231222-en

asyncrat default rat

windows10-2004-x64

11 signatures

150 seconds

Malware Config

Extracted

Family

asyncrat

Version

0.5.8

Botnet

Default

C2

72.11.158.94:8808

Mutex

9Qbxs7iA1JpF

Attributes

delay
3
install
true
install_file
vidextra.exe
install_folder
%AppData%

aes.plain

Targets

- Target
  
  INQUIRYs#37567JAN2024NEWORDERMATERIALSPRODs.e.exe
- Size
  
  542KB
- MD5
  
  0b97309812b9b2941e5512e12095960e
- SHA1
  
  8fc625372ccea9b23c3c3585e1a86a06479eb630
- SHA256
  
  1714faef50d0127645ce3540480623cf619f9b10c0364c67ca22db0f604e2381
- SHA512
  
  8f0568c9cea86cd33c089ec6f9f32581563d03edbc5ab9a82fd83b81c57ecd4556248a58d40dd315732187a213218a5a4e0af458aec0bde4a6b647b906dfa65b
- SSDEEP
  
  12288:eP7R2iNPBJI3AZp/UurrtqinZfTLatVX2wGlY:MV1xuAPH3A6natVX2wG
Score

10^/10

asyncrat default rat
- AsyncRat
  AsyncRAT is designed to remotely monitor and control other computers written in C#.
  rat asyncrat
- Async RAT payload
  rat
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Scheduled Task/Job

Persistence

Scheduled Task/Job

Privilege Escalation

Scheduled Task/Job

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

asyncratdefaultrat

behavioral2

asyncratdefaultrat

© 2018-2024

Terms | Privacy