asyncrat

General

Target

2e4db0c8f13972267a53d6d51befde14f0239e35bd0cc3fe60404b5ace7a1935.exe
Size

155KB
Sample

240207-zse1xscecq
MD5

a2be5a2407107605033f2bd305be2e40
SHA1

0cc699e4c019627527777744903f75bc2494ef3a
SHA256

2e4db0c8f13972267a53d6d51befde14f0239e35bd0cc3fe60404b5ace7a1935
SHA512

ff211c693680df1ca81a7858dd647afc5cc0be093b985d9c3b20a1693bff069c260e66e2421b79e0711634baed2c6f12a1d905029e82e409c8368c0590bd9b6a
SSDEEP

768:8fvdWST3xRbyApqHuDlOHTjXhDnyokke5dfED1ns7csFOyh1cccccccccccgccc8:UvdWSVRVDlOzjRzrksAOUOMv

Score

10^/10

Malware Config

Extracted

Family

asyncrat

Version

| Edit 3LOSH RAT

Botnet

test

C2

xfreddy2751.duckdns.org:6606

xfreddy2751.duckdns.org:7707

xfreddy2751.duckdns.org:8808

darkstorm275991.ddns.net:6606

darkstorm275991.ddns.net:7707

darkstorm275991.ddns.net:8808

Mutex

AsyncMutex_6SI8OkPnk

Attributes

delay
3
install
false
install_file
License.exe
install_folder
%AppData%

aes.plain

Targets

- Target
  
  2e4db0c8f13972267a53d6d51befde14f0239e35bd0cc3fe60404b5ace7a1935.exe
- Size
  
  155KB
- MD5
  
  a2be5a2407107605033f2bd305be2e40
- SHA1
  
  0cc699e4c019627527777744903f75bc2494ef3a
- SHA256
  
  2e4db0c8f13972267a53d6d51befde14f0239e35bd0cc3fe60404b5ace7a1935
- SHA512
  
  ff211c693680df1ca81a7858dd647afc5cc0be093b985d9c3b20a1693bff069c260e66e2421b79e0711634baed2c6f12a1d905029e82e409c8368c0590bd9b6a
- SSDEEP
  
  768:8fvdWST3xRbyApqHuDlOHTjXhDnyokke5dfED1ns7csFOyh1cccccccccccgccc8:UvdWSVRVDlOzjRzrksAOUOMv
Score

10^/10

asyncrat zgrat test rat
- AsyncRat
  AsyncRAT is designed to remotely monitor and control other computers written in C#.
  rat asyncrat
- Detect ZGRat V1
- ZGRat
  ZGRat is remote access trojan written in C#.
  rat zgrat
- Detect binaries embedding considerable number of cryptocurrency wallet browser extension IDs.
- Detects executables packed with ConfuserEx Mod
- Detects file containing reversed ASEP Autorun registry keys
- Blocklisted process makes network request
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Loads dropped DLL
- Drops file in System32 directory
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

2

T1012

System Information Discovery

2

T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Tasks

Sharing

General

Malware Config

Extracted

Targets

Detect ZGRat V1

ZGRat

Detect binaries embedding considerable number of cryptocurrency wallet browser extension IDs.

Detects executables packed with ConfuserEx Mod

Detects file containing reversed ASEP Autorun registry keys

Blocklisted process makes network request

Checks computer location settings

Executes dropped EXE

Loads dropped DLL

Drops file in System32 directory

Suspicious use of SetThreadContext

MITRE ATT&CK Matrix ATT&CK v13

Tasks

static1

behavioral1

behavioral2