General

  • Target: 170ed51ddb22cd75bf0fa4fa2a1bb6c4.bin
  • Size: 531KB
  • Sample: 240218-bl6y3acb9y
  • MD5: 4d12e30e2a09a62999e6863c94d66e8d
  • SHA1: 4b625deeb887c6d8c2116668e6e6ded7066d0bb6
  • SHA256: ff1b064b71fa0f332b1efd96784d4c4412da9848c0fcb7f6f9e78a914a70daae
  • SHA512: 55f6d20e00015575a7078a87a45eada3b572a9a167567d0f632aef0b6802cb1b55aea9fcf8c1a431957272f2e70ab3d72869d2b5acba9f6a99864d49bbeae46d
  • SSDEEP: 12288:em18e1TdoWWKIooyLm4WfZlUqYnB0ab73DXzkLFQxib:eTeL6HyLfWfZKnDML4Q

Malware Config

Extracted

  • Family: asyncrat
  • Version: | Edit 3LOSH RAT
  • Botnet: 2024
  • C2:
    • rat.loseyourip.com:6606
    • rat.loseyourip.com:7707
    • rat.loseyourip.com:8808
  • Mutex: Async_2024
  • Attributes:
    • delay: 3
    • install: true
    • install_file: csrss.exe
    • install_folder: %Temp%
  • aes.plain

Targets

    • Target: 2de5faa16c405e6a3bc14b9d31a82cc389290066b36ed8f0d99d7cd53b1b1d1d.exe
    • Size: 679KB
    • MD5: 170ed51ddb22cd75bf0fa4fa2a1bb6c4
    • SHA1: 2e74fd6be27a77a883208db0d09524f15dfa7d00
    • SHA256: 2de5faa16c405e6a3bc14b9d31a82cc389290066b36ed8f0d99d7cd53b1b1d1d
    • SHA512: ac43b87484e0158b24c5c2a65ca6ab394b0b1bae62b03fb28588749066f04520ac10c6307bb45bf334d18a81c3a2b6ae68107b330e134a273f60e12d1c612865
    • SSDEEP: 12288:ijWQ4W3K9jGCN0TPsnAH7UA51BlkOUCIV/VKMSiyyjK:7AK96jXQA51BCObIVNKMd8

    • AsyncRat

      AsyncRAT is a remote access tool written in C#, designed to remotely monitor and control other computers.

    • Checks computer location settings

      Looks up the country code configured in the registry, likely for geofencing.

    • Executes dropped EXE

    • Loads dropped DLL

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials and other sensitive information.

    • Suspicious use of SetThreadContext

MITRE ATT&CK Matrix (ATT&CK v13)

  • Execution: Scheduled Task/Job (1) T1053
  • Persistence: Scheduled Task/Job (1) T1053
  • Privilege Escalation: Scheduled Task/Job (1) T1053
  • Credential Access: Unsecured Credentials (1) T1552; Credentials In Files (1) T1552.001
  • Discovery: Query Registry (1) T1012; System Information Discovery (2) T1082
  • Collection: Data from Local System (1) T1005

Tasks