asyncrat | 6a307f1adf1b502d218dca101b9c9731fb44ffda5a4a2eb0de5c5120b380386b | Triage

Submit
Reports

Overview

overview

Static

static

Infected.exe

windows10-2004-x64

Sharing

General

Target

Infected.exe
Size

63KB
Sample

240501-tb8n1scg24
MD5

ad7b88bdcbeb87873c4fa8c164fd91bb
SHA1

4a248ffe2f4bd1d9570421f1aa892f9b2c69b0bf
SHA256

6a307f1adf1b502d218dca101b9c9731fb44ffda5a4a2eb0de5c5120b380386b
SHA512

2e7904e3a40be399af2d883c1a2982a23c67990597a77df83dfe1fd8dd05e5de918cb6573bbdb3261131f8b88163c82763d72758b644399d1e894426c1417c0e
SSDEEP

768:jnuguX1wbgyX78dIC8A+XkuazcBRL5JTk1+T4KSBGHmDbD/ph0oXN3p7JZuwSuEV:rvCCPTDdSJYUbdh9pp7JsuEdpqKmY7

Score

10^/10

asyncrat stealerium default collection rat spyware stealer

Static task

static1

rat default asyncrat

3 signatures

Behavioral task

behavioral1

Sample

Infected.exe

Resource

win10v2004-20240426-en

asyncrat stealerium default collection rat spyware stealer

windows10-2004-x64

13 signatures

150 seconds

Malware Config

Extracted

Family

asyncrat

Botnet

Default

C2

193.161.193.99:50291

Attributes

delay
1
install
false
install_folder
%AppData%

aes.plain

Targets

- Target
  
  Infected.exe
- Size
  
  63KB
- MD5
  
  ad7b88bdcbeb87873c4fa8c164fd91bb
- SHA1
  
  4a248ffe2f4bd1d9570421f1aa892f9b2c69b0bf
- SHA256
  
  6a307f1adf1b502d218dca101b9c9731fb44ffda5a4a2eb0de5c5120b380386b
- SHA512
  
  2e7904e3a40be399af2d883c1a2982a23c67990597a77df83dfe1fd8dd05e5de918cb6573bbdb3261131f8b88163c82763d72758b644399d1e894426c1417c0e
- SSDEEP
  
  768:jnuguX1wbgyX78dIC8A+XkuazcBRL5JTk1+T4KSBGHmDbD/ph0oXN3p7JZuwSuEV:rvCCPTDdSJYUbdh9pp7JsuEdpqKmY7
Score

10^/10

asyncrat stealerium default collection rat spyware stealer
- AsyncRat
  AsyncRAT is designed to remotely monitor and control other computers written in C#.
  rat asyncrat
- Stealerium
  An open source info stealer written in C# first seen in May 2022.
  stealer stealerium
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Accesses Microsoft Outlook profiles
  collection
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
- Looks up geolocation information via web service
  Uses a legitimate geolocation service to find the infected system's geolocation info.
behavioral1

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Subvert Trust Controls

Install Root Certificate

Modify Registry

Credential Access

Unsecured Credentials

Credentials In Files

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Data from Local System

Email Collection

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Tasks

static1

ratdefaultasyncrat

behavioral1

asyncratstealeriumdefaultcollectionratspywarestealer

© 2018-2024

Terms | Privacy