asyncrat | 2de5faa16c405e6a3bc14b9d31a82cc389290066b36ed8f0d99d7cd53b1b1d1d | Triage

Submit
Reports

Overview

overview

Static

static

3

2de5faa16c...1d.exe

windows7-x64

2de5faa16c...1d.exe

windows10-2004-x64

Sharing

General

Target

2de5faa16c405e6a3bc14b9d31a82cc389290066b36ed8f0d99d7cd53b1b1d1d.exe
Size

679KB
Sample

240217-evrsaaag2y
MD5

170ed51ddb22cd75bf0fa4fa2a1bb6c4
SHA1

2e74fd6be27a77a883208db0d09524f15dfa7d00
SHA256

2de5faa16c405e6a3bc14b9d31a82cc389290066b36ed8f0d99d7cd53b1b1d1d
SHA512

ac43b87484e0158b24c5c2a65ca6ab394b0b1bae62b03fb28588749066f04520ac10c6307bb45bf334d18a81c3a2b6ae68107b330e134a273f60e12d1c612865
SSDEEP

12288:ijWQ4W3K9jGCN0TPsnAH7UA51BlkOUCIV/VKMSiyyjK:7AK96jXQA51BCObIVNKMd8

Score

10^/10

asyncrat 2024 rat spyware stealer

Static task

static1

1 signatures

Behavioral task

behavioral1

Sample

2de5faa16c405e6a3bc14b9d31a82cc389290066b36ed8f0d99d7cd53b1b1d1d.exe

Resource

win7-20231215-en

asyncrat 2024 rat

windows7-x64

13 signatures

150 seconds

Behavioral task

behavioral2

Sample

2de5faa16c405e6a3bc14b9d31a82cc389290066b36ed8f0d99d7cd53b1b1d1d.exe

Resource

win10v2004-20231215-en

asyncrat 2024 rat spyware stealer

windows10-2004-x64

15 signatures

150 seconds

Malware Config

Extracted

Family

asyncrat

Version

| Edit 3LOSH RAT

Botnet

2024

C2

rat.loseyourip.com:6606

rat.loseyourip.com:7707

rat.loseyourip.com:8808

Mutex

Async_2024

Attributes

delay
3
install
true
install_file
csrss.exe
install_folder
%Temp%

aes.plain

Targets

- Target
  
  2de5faa16c405e6a3bc14b9d31a82cc389290066b36ed8f0d99d7cd53b1b1d1d.exe
- Size
  
  679KB
- MD5
  
  170ed51ddb22cd75bf0fa4fa2a1bb6c4
- SHA1
  
  2e74fd6be27a77a883208db0d09524f15dfa7d00
- SHA256
  
  2de5faa16c405e6a3bc14b9d31a82cc389290066b36ed8f0d99d7cd53b1b1d1d
- SHA512
  
  ac43b87484e0158b24c5c2a65ca6ab394b0b1bae62b03fb28588749066f04520ac10c6307bb45bf334d18a81c3a2b6ae68107b330e134a273f60e12d1c612865
- SSDEEP
  
  12288:ijWQ4W3K9jGCN0TPsnAH7UA51BlkOUCIV/VKMSiyyjK:7AK96jXQA51BCObIVNKMd8
Score

10^/10

asyncrat 2024 rat spyware stealer
- AsyncRat
  AsyncRAT is designed to remotely monitor and control other computers written in C#.
  rat asyncrat
- Detect binaries embedding considerable number of cryptocurrency wallet browser extension IDs.
- Detects executables packed with SmartAssembly
- Detects file containing reversed ASEP Autorun registry keys
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Loads dropped DLL
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Scheduled Task/Job

Persistence

Scheduled Task/Job

Privilege Escalation

Scheduled Task/Job

Defense Evasion

Credential Access

Unsecured Credentials

Credentials In Files

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Data from Local System

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Tasks

static1

behavioral1

asyncrat2024rat

behavioral2

asyncrat2024ratspywarestealer

© 2018-2024

Terms | Privacy