asyncrat | ad15869dd2adda745da583f9c1038ffdb127d7a2bab682b82c9858fd64c32301 | Triage

Submit
Reports

Overview

overview

Static

static

1

crashed_by_vohr.mp3

windows10-2004-x64

6

crashed_by_vohr.mp3

windows11-21h2-x64

Resubmissions

25-02-2024 23:20

240225-3br6psfh6s 6

25-02-2024 18:44

240225-xdwc9aag71 10

Sharing

General

Target

crashed_by_vohr.mp3
Size

9.3MB
Sample

240225-xdwc9aag71
MD5

0d813790b342f04e991a7f07487d39c7
SHA1

b3b73c636113390813ed338e83530120b5d0b9cd
SHA256

ad15869dd2adda745da583f9c1038ffdb127d7a2bab682b82c9858fd64c32301
SHA512

49b666e7dbed2903a544e04a2a1499537293fb09410d6391fd0f4b9d421880211930988e6aaaa5a99f2ccfd13cd8f7c6237270b34a7dd4fffe33bc13c252cc6c
SSDEEP

196608:OHK+1paMFx7zrfwVsZ1ZfjqkKIdPhvy/dxP:5+14MFx7HfhXfxdTKHP

Score

10^/10

asyncrat toxiceye def agilenet persistence rat trojan

Static task

static1

Behavioral task

behavioral1

Sample

crashed_by_vohr.mp3

Resource

win10v2004-20240221-en

windows10-2004-x64

12 signatures

1200 seconds

Behavioral task

behavioral2

Sample

crashed_by_vohr.mp3

Resource

win11-20240221-en

asyncrat toxiceye def agilenet persistence rat trojan

windows11-21h2-x64

34 signatures

1200 seconds

Malware Config

Extracted

Family

toxiceye

C2

https://api.telegram.org/bot5687152406:AAFin_LYFhJGLydMgYheeUDec-2orew51aM/sendMessage?chat_id=2024893777

Extracted

Family

asyncrat

Version

1.0.7

Botnet

def

C2

37.18.62.18:8060

Mutex

era2312swe12-1213rsgdkms23

Attributes

delay
1
install
true
install_file
CCXProcess.exe
install_folder
%Temp%

aes.plain

Targets

- Target
  
  crashed_by_vohr.mp3
- Size
  
  9.3MB
- MD5
  
  0d813790b342f04e991a7f07487d39c7
- SHA1
  
  b3b73c636113390813ed338e83530120b5d0b9cd
- SHA256
  
  ad15869dd2adda745da583f9c1038ffdb127d7a2bab682b82c9858fd64c32301
- SHA512
  
  49b666e7dbed2903a544e04a2a1499537293fb09410d6391fd0f4b9d421880211930988e6aaaa5a99f2ccfd13cd8f7c6237270b34a7dd4fffe33bc13c252cc6c
- SSDEEP
  
  196608:OHK+1paMFx7zrfwVsZ1ZfjqkKIdPhvy/dxP:5+14MFx7HfhXfxdTKHP
Score

10^/10

asyncrat toxiceye def agilenet persistence rat trojan
- AsyncRat
  AsyncRAT is designed to remotely monitor and control other computers written in C#.
  rat asyncrat
- ToxicEye
  ToxicEye is a trojan written in C#.
  rat trojan toxiceye
- Downloads MZ/PE file
- Modifies Installed Components in the registry
  persistence
- Executes dropped EXE
- Loads dropped DLL
- Obfuscated with Agile.Net obfuscator
  Detects use of the Agile.Net commercial obfuscator, which is capable of entity renaming and control flow obfuscation.
  agilenet
- Adds Run key to start application
  persistence
- Enumerates connected drives
  Attempts to read the root path of hard drives other than the default C: drive.
- Legitimate hosting services abused for malware hosting/C2
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Scheduled Task/Job

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Scheduled Task/Job

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Scheduled Task/Job

Defense Evasion

Modify Registry

Credential Access

Discovery

Peripheral Device Discovery

Process Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Web Service

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2

asyncrattoxiceyedefagilenetpersistencerattrojan

© 2018-2024

Terms | Privacy