asyncrat | 147f810affa8a7f95cc8a15cc5918933d3cf430232e132b340180d3878951974 | Triage

Submit
Reports

Overview

overview

Static

static

147f810aff...74.msi

windows7-x64

147f810aff...74.msi

windows10-2004-x64

Sharing

General

Target

147f810affa8a7f95cc8a15cc5918933d3cf430232e132b340180d3878951974.msi
Size

1.5MB
Sample

240426-bdn4aagf2t
MD5

6d3f68d31efc5fc456850af228427c25
SHA1

487fcaaab61ce4e76d6a1e2568cf3602a5f6632b
SHA256

147f810affa8a7f95cc8a15cc5918933d3cf430232e132b340180d3878951974
SHA512

e1c26181065ad69078e281154f741d318ceec9d412c030a89397e6d27ff89c224ed7f106b68892f41309264830e48255ff114369985206efe9c5311f8725df3d
SSDEEP

24576:kt9cpVDhOXLcVXyEq9GRhv9cWP8rtPN01Mq7+xtA+w9TxDfoUBoiGt+eWilfdqF6:jpRhOXLcJyEq9GRhvVqtV01Mq7kctDAo

Score

10^/10

asyncrat mafiaexe discovery rat

Static task

static1

1 signatures

Behavioral task

behavioral1

Sample

147f810affa8a7f95cc8a15cc5918933d3cf430232e132b340180d3878951974.msi

Resource

win7-20231129-en

asyncrat mafiaexe discovery rat

windows7-x64

16 signatures

150 seconds

Behavioral task

behavioral2

Sample

147f810affa8a7f95cc8a15cc5918933d3cf430232e132b340180d3878951974.msi

Resource

win10v2004-20240412-en

asyncrat mafiaexe discovery rat

windows10-2004-x64

16 signatures

150 seconds

Malware Config

Extracted

Family

asyncrat

Version

AWS | 3Losh

Botnet

mafiaexe

C2

127.0.0.1:6606

127.0.0.1:7707

127.0.0.1:8808

twinks234.duckdns.org:6606

twinks234.duckdns.org:7707

twinks234.duckdns.org:8808

Mutex

mafiaEXE

Attributes

delay
3
install
false
install_folder
%AppData%

aes.plain

Targets

- Target
  
  147f810affa8a7f95cc8a15cc5918933d3cf430232e132b340180d3878951974.msi
- Size
  
  1.5MB
- MD5
  
  6d3f68d31efc5fc456850af228427c25
- SHA1
  
  487fcaaab61ce4e76d6a1e2568cf3602a5f6632b
- SHA256
  
  147f810affa8a7f95cc8a15cc5918933d3cf430232e132b340180d3878951974
- SHA512
  
  e1c26181065ad69078e281154f741d318ceec9d412c030a89397e6d27ff89c224ed7f106b68892f41309264830e48255ff114369985206efe9c5311f8725df3d
- SSDEEP
  
  24576:kt9cpVDhOXLcVXyEq9GRhv9cWP8rtPN01Mq7+xtA+w9TxDfoUBoiGt+eWilfdqF6:jpRhOXLcJyEq9GRhvVqtV01Mq7kctDAo
Score

10^/10

asyncrat mafiaexe discovery rat
- AsyncRat
  AsyncRAT is designed to remotely monitor and control other computers written in C#.
  rat asyncrat
- Async RAT payload
  rat
- Detect binaries embedding considerable number of cryptocurrency wallet browser extension IDs.
- Detects file containing reversed ASEP Autorun registry keys
- Modifies file permissions
  discovery
- Enumerates connected drives
  Attempts to read the root path of hard drives other than the default C: drive.
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

File and Directory Permissions Modification

Credential Access

Discovery

Query Registry

Peripheral Device Discovery

System Information Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Tasks

static1

behavioral1

asyncratmafiaexediscoveryrat

behavioral2

asyncratmafiaexediscoveryrat

© 2018-2024

Terms | Privacy