asyncrat | 74612d59e628594289ac484c3dd2f533313bbcf40f751645b4fcbd52b381e80f | Triage

Sharing

Copy URL Twitter E-mail

General

Target

74612d59e628594289ac484c3dd2f533313bbcf40f751645b4fcbd52b381e80f
Size

25KB
Sample

240419-t2k1mshc32
MD5

71f7c0f32c43a2595a2a7f73c38b5e8c
SHA1

081b0c0122fc8a8d1497b9568a3852fbe56b9414
SHA256

74612d59e628594289ac484c3dd2f533313bbcf40f751645b4fcbd52b381e80f
SHA512

f7ff475bfc10c20fc845928e2207565d0d2a6ae8af63341c966ce99a5046b828af4c4fbffefac0c57b4bfc7c4c00e9f5abb6bba3c7105bbce874fb70fd070464
SSDEEP

384:pm/zpUNiH4EWwQjFWqHRbOxKVH8YjjhCtFlI80WcB2qf8fFKGMdhOWZfYIdPB4:pEugbIYKRbbZRCblI8pW8ffQm0+

Score

10^/10

asyncrat exodus_market wdkiller rat spyware stealer

Malware Config

Extracted

Family

asyncrat

Version

| Edit 3LOSH RAT

Botnet

Exodus_Market

C2

leetboy.dynuddns.net:1339

Mutex

AsyncMutex_6SI8OkPnk

Attributes

delay
3
install
true
install_file
svchos.exe
install_folder
%AppData%

aes.plain

Extracted

Family

asyncrat

Version

5.0.5

Botnet

WDKILLER

C2

blue.o7lab.me:4449

Mutex

Venom_RAT_HVNC_Mutex_Venom RAT_HVNC

Attributes

delay
1
install
false
install_folder
%AppData%

aes.plain

Targets

- Target
  
  b3b1a41903116bbc9fedd6403c9ad1976eefdcd50c322859f993a822b3bbac08.exe
- Size
  
  50KB
- MD5
  
  1f2ec9232f191e28fa8d5fbcbfad3a4f
- SHA1
  
  ee22f5b25185c5a6d37e16d3eb52f9515fd6964d
- SHA256
  
  b3b1a41903116bbc9fedd6403c9ad1976eefdcd50c322859f993a822b3bbac08
- SHA512
  
  af552abac7d370508b699a19c757342a7a70e897d3d5321d5c7933c815f0880bad9e4c20cd22002643b67f4dc220d1e3e5d69ffd0b91792d6ab5a777e42ec8a8
- SSDEEP
  
  1536:Idzg+bioFSXbzMncp4t9vUEUL4NQ6lD1UPko94yQ1Jzra4o35PGCwWCDGD3fNmHz:2mkcpumcvQaB/EINnZD6nLsow
Score

10^/10

asyncrat exodus_market wdkiller rat spyware stealer
- AsyncRat
  AsyncRAT is designed to remotely monitor and control other computers written in C#.
  rat asyncrat
- Async RAT payload
  rat
- Downloads MZ/PE file
- Executes dropped EXE
- Loads dropped DLL
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Scheduled Task/Job

Persistence

Scheduled Task/Job

Privilege Escalation

Scheduled Task/Job

Defense Evasion

Credential Access

Unsecured Credentials

Credentials In Files

Discovery

System Information Discovery

Lateral Movement

Collection

Data from Local System

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

asyncratexodus_marketwdkillerratspywarestealer

behavioral2