asyncrat | 76797fc75ae4d4b0e61f2dd3db1432dfc9c1c275c4db5a7e166b871faf235329 | Triage

Submit
Reports

Overview

overview

Static

static

3

76797fc75a...29.exe

windows7-x64

76797fc75a...29.exe

windows10-2004-x64

Sharing

General

Target

76797fc75ae4d4b0e61f2dd3db1432dfc9c1c275c4db5a7e166b871faf235329
Size

418KB
Sample

240419-243x8shh84
MD5

cb3370e70e913a4275bc4cbac4c342c5
SHA1

60127d49c6ef89f11ff7195b308fcb1f3f4bd0b5
SHA256

76797fc75ae4d4b0e61f2dd3db1432dfc9c1c275c4db5a7e166b871faf235329
SHA512

0b2ac797e293f87e9960a63666c27f08ed4c6c9c379480a5af55797e903aa9d5cc296902918a5632e06b8675648db60ebce129e03a98f8348a4dfc24d224a52b
SSDEEP

3072:xIwobs0rlyJ2bHVMLuPKA3NSPWy/smX070faZ5VBK3Rw4lE2y16zI6I/V4OPcbRI:xIwC

Score

10^/10

asyncrat default rat

Static task

static1

1 signatures

Behavioral task

behavioral1

Sample

76797fc75ae4d4b0e61f2dd3db1432dfc9c1c275c4db5a7e166b871faf235329.exe

Resource

win7-20231129-en

asyncrat default rat

windows7-x64

6 signatures

150 seconds

Behavioral task

behavioral2

Sample

76797fc75ae4d4b0e61f2dd3db1432dfc9c1c275c4db5a7e166b871faf235329.exe

Resource

win10v2004-20240226-en

asyncrat default rat

windows10-2004-x64

7 signatures

150 seconds

Malware Config

Extracted

Family

asyncrat

Version

1.0.7

Botnet

Default

C2

127.0.0.1:8848

127.0.0.1:5858

Mutex

DcRatMutex_qwqdanchun

Attributes

delay
1
install
false
install_folder
%AppData%

aes.plain

Targets

- Target
  
  76797fc75ae4d4b0e61f2dd3db1432dfc9c1c275c4db5a7e166b871faf235329
- Size
  
  418KB
- MD5
  
  cb3370e70e913a4275bc4cbac4c342c5
- SHA1
  
  60127d49c6ef89f11ff7195b308fcb1f3f4bd0b5
- SHA256
  
  76797fc75ae4d4b0e61f2dd3db1432dfc9c1c275c4db5a7e166b871faf235329
- SHA512
  
  0b2ac797e293f87e9960a63666c27f08ed4c6c9c379480a5af55797e903aa9d5cc296902918a5632e06b8675648db60ebce129e03a98f8348a4dfc24d224a52b
- SSDEEP
  
  3072:xIwobs0rlyJ2bHVMLuPKA3NSPWy/smX070faZ5VBK3Rw4lE2y16zI6I/V4OPcbRI:xIwC
Score

10^/10

asyncrat default rat
- AsyncRat
  AsyncRAT is designed to remotely monitor and control other computers written in C#.
  rat asyncrat
- Detects executables attemping to enumerate video devices using WMI
- Detects executables containing the string DcRatBy
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix

Tasks

static1

behavioral1

asyncratdefaultrat

behavioral2

asyncratdefaultrat

© 2018-2024

Terms | Privacy