asyncrat | 7e5dd61d1a28a21f3eeaf8ff3723b69019f83be520b6ad986a57b5de05dab438 | Triage

Submit
Reports

Overview

overview

Static

static

3

fd212aeaf2...18.exe

windows7-x64

fd212aeaf2...18.exe

windows10-2004-x64

Sharing

General

Target

fd212aeaf2a519e24276516eeb1dedef_JaffaCakes118
Size

480KB
Sample

240420-tggsgscg5w
MD5

fd212aeaf2a519e24276516eeb1dedef
SHA1

55bb12aaac948f80f17d0f2b45db7992b92683ce
SHA256

7e5dd61d1a28a21f3eeaf8ff3723b69019f83be520b6ad986a57b5de05dab438
SHA512

8534c379b89c9c4d3f4d37dbe06bbba744e9fde7e5ff53d20eaa88eb166dc3d24e27221445546e849a34678d53b030ee5f58a72f395cf8a5e45d86e64c75508a
SSDEEP

12288:gZycYZmPGAD5HHT6O1FaxE6z1Jy7tMfHEce:gMcYZmeOz6MWE6z1JGtdce

Score

10^/10

asyncrat zgrat 6 rat

Static task

static1

1 signatures

Behavioral task

behavioral1

Sample

fd212aeaf2a519e24276516eeb1dedef_JaffaCakes118.exe

Resource

win7-20231129-en

asyncrat zgrat 6 rat

windows7-x64

8 signatures

150 seconds

Behavioral task

behavioral2

Sample

fd212aeaf2a519e24276516eeb1dedef_JaffaCakes118.exe

Resource

win10v2004-20240412-en

windows10-2004-x64

8 signatures

150 seconds

Malware Config

Extracted

Family

asyncrat

Version

0.5.7B

Botnet

6

C2

185.157.160.147:1973

Mutex

6SI8OkPnk0ut56r

Attributes

delay
3
install
false
install_folder
%AppData%

aes.plain

Targets

- Target
  
  fd212aeaf2a519e24276516eeb1dedef_JaffaCakes118
- Size
  
  480KB
- MD5
  
  fd212aeaf2a519e24276516eeb1dedef
- SHA1
  
  55bb12aaac948f80f17d0f2b45db7992b92683ce
- SHA256
  
  7e5dd61d1a28a21f3eeaf8ff3723b69019f83be520b6ad986a57b5de05dab438
- SHA512
  
  8534c379b89c9c4d3f4d37dbe06bbba744e9fde7e5ff53d20eaa88eb166dc3d24e27221445546e849a34678d53b030ee5f58a72f395cf8a5e45d86e64c75508a
- SSDEEP
  
  12288:gZycYZmPGAD5HHT6O1FaxE6z1Jy7tMfHEce:gMcYZmeOz6MWE6z1JGtdce
Score

10^/10

asyncrat zgrat 6 rat
- AsyncRat
  AsyncRAT is designed to remotely monitor and control other computers written in C#.
  rat asyncrat
- Detect ZGRat V1
- ZGRat
  ZGRat is remote access trojan written in C#.
  rat zgrat
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Tasks

static1

behavioral1

asyncratzgrat6rat

behavioral2

© 2018-2024

Terms | Privacy