asyncrat

Resubmissions

04/05/2024, 10:29

240504-mjf6eabb91 10

04/05/2024, 09:56

240504-lysmbaae8y 10

Sharing

Copy URL Twitter E-mail

General

Target

Vulcan1.5 BETA.zip
Size

6.3MB
Sample

240504-mjf6eabb91
MD5

b293ff3ae6ad01fafea523441e813442
SHA1

c1cb4b37b4164bb9660d84f7d1ed407facdd60b2
SHA256

c89e2b54f3c5d87685524102f4a03430e99d41ff6541c99e97b379ab7f5a413c
SHA512

deea2063ba9488491b5401515ab6ac67d753474b6b7b1713f6cf052f0e98433a87d0a2180123a7fb3a5c6be56702254a34702085281b70371506947140085f98
SSDEEP

98304:QKE7E9j4HdYqSkhqzDmsMDSaauf537VsrnMFCU+cKXmuf5kXzRGeO2wBjSblCot7:r+HdQAqzRMksEQx+cttDUelwmE5LA

Score

10^/10

Malware Config

Extracted

Family

asyncrat

Botnet

Default

127.0.0.1:3232

192.168.0.194:3232

Attributes

delay
4
install
true
install_file
sys1.exe
install_folder
%Temp%

aes.plain

Targets

- Target
  
  Vulcan1.5 BETA/CED3D10Hook.dll
- Size
  
  128KB
- MD5
  
  43dac1f3ca6b48263029b348111e3255
- SHA1
  
  9e399fddc2a256292a07b5c3a16b1c8bdd8da5c1
- SHA256
  
  148f12445f11a50efbd23509139bf06a47d453e8514733b5a15868d10cc6e066
- SHA512
  
  6e77a429923b503fc08895995eb8817e36145169c2937dacc2da92b846f45101846e98191aeb4f0f2f13fff05d0836aa658f505a04208188278718166c5e3032
- SSDEEP
  
  1536:jRXPVJPMo10+PfXl/IRTlsfQstLh66crJWeWyPCUpfrCWV13P1+CUOEvCvOEMI7:BdJPMlMb1g6e0dU9rf3P7UObvOja
Score

1^/10
behavioral1 behavioral2
- Target
  
  Vulcan1.5 BETA/CED3D10Hook64.dll
- Size
  
  140KB
- MD5
  
  0daf9f07847cceb0f0760bf5d770b8c1
- SHA1
  
  992cc461f67acea58a866a78b6eefb0cbcc3aaa1
- SHA256
  
  a2ac2ba27b0ed9acc3f0ea1bef9909a59169bc2eb16c979ef8e736a784bf2fa4
- SHA512
  
  b4dda28721de88a372af39d4dfba6e612ce06cc443d6a6d636334865a9f8ca555591fb36d9829b54bc0fb27f486d4f216d50f68e1c2df067439fe8ebbf203b6a
- SSDEEP
  
  3072:Kd3u82FbW5v1B9omLKfBbYWFhFCsfa5z8saPFZ1sL3OD1Ow:Kd+NFbWUMKfBTjFxfa5a1y4N
Score

1^/10
behavioral3 behavioral4
- Target
  
  Vulcan1.5 BETA/CED3D11Hook.dll
- Size
  
  137KB
- MD5
  
  42e2bf4210f8126e3d655218bd2af2e4
- SHA1
  
  78efcb9138eb0c800451cf2bcc10e92a3adf5b72
- SHA256
  
  1e30126badfffb231a605c6764dd98895208779ef440ea20015ab560263dd288
- SHA512
  
  c985988d0832ce26337f774b160ac369f2957c306a1d82fbbffe87d9062ae5f3af3c1209768cd574182669cd4495dba26b6f1388814c0724a7812218b0b8dc74
- SSDEEP
  
  1536:onOLYqoZQBD3m7bmVLcuVGpGXlWXQznQN8erRxQEmsYOT1GlERbo3iV8n/7DkCWy:o4YqoZNHi7VBAXvXMZ7ll3iyn3WOR3Oc
Score

1^/10
behavioral5 behavioral6
- Target
  
  Vulcan1.5 BETA/CED3D11Hook64.dll
- Size
  
  146KB
- MD5
  
  0eaac872aadc457c87ee995bbf45a9c1
- SHA1
  
  5e9e9b98f40424ad5397fc73c13b882d75499d27
- SHA256
  
  6f505cc5973687bbda1c2d9ac8a635d333f57c12067c54da7453d9448ab40b8f
- SHA512
  
  164d1e6ef537d44ac4c0fd90d3c708843a74ac2e08fa2b3f0fdd4a180401210847e0f7bb8ec3056f5dc1d5a54d3239c59fb37914ce7742a4c0eb81578657d24b
- SSDEEP
  
  3072:/20T06lYodB6ZcnHgSFulvfV0tYP/ipaQ8PFRBIiOBNOW:1Y6bdB6uHgSwtfV0+P/is1BIpD
Score

1^/10
behavioral7 behavioral8
- Target
  
  Vulcan1.5 BETA/FPS Fixer.exe
- Size
  
  509KB
- MD5
  
  2a60dfd1e0f85fbaeeeedfa3c4ff7082
- SHA1
  
  39818c8615995ab987230598f921c14e2fbc6788
- SHA256
  
  9491b1c563b349ab1c9bc2b8dc76f08019462518ecb6d84bdd2060a7b37f9eac
- SHA512
  
  9d3316b136c05ec91b2f9231cea661c6d670277247b627931cf2231b65d3bbb4a9f9967f71bcea7dc9ba2393001cb7540f49a1caea500367afa7d40dea780c8e
- SSDEEP
  
  12288:bKOjJsDc2+WC+D+4H/xeGofENaTSuGCC709:bKyacgDD+4fwG1NaTSw
Score

1^/10
behavioral10 behavioral9
- Target
  
  Vulcan1.5 BETA/Vulcan1.5.exe
- Size
  
  78KB
- MD5
  
  282462fa1cf7592d82b8bc63f8cca024
- SHA1
  
  f6d4d971d4bac357ae22a74f68a55b557d5ac69d
- SHA256
  
  73daf4be0b78f20916eb75bdcf49c55445f24d6966ebb63e27fee354dc670d52
- SHA512
  
  b36cd8b0fef03994eb94376ccd09984d50b7e445955accfb6096c696e5219a036ba1e99c6a230045a83d3ae48a3e188b208f96c6395a7ed1567b52822bd806f8
- SSDEEP
  
  1536:1EDhxf8JYs1rRb64YUbah9IuuuNIEMdpqKmY7:iH8qeYUbaV1IEMGz
Score

10^/10

asyncrat default rat
- AsyncRat
  AsyncRAT is designed to remotely monitor and control other computers written in C#.
  rat asyncrat
- Async RAT payload
  rat
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
behavioral11 behavioral12
- Target
  
  Vulcan1.5 BETA/autorun/AddToNewGroup.LUA
- Size
  
  1KB
- MD5
  
  83bdbb1ba0dd3c8c5a18f125951c9325
- SHA1
  
  bd0a80c6bfe473209c04800fd295c0c5505513b0
- SHA256
  
  87fa0d759d6b36cba2b5cb0a8c5c3c43312b0ee6f03e077c4ad6b9f748c5f8b0
- SHA512
  
  dc2959e6fb806d8bb617bfd2f8be7d524a8e8d639f842a31b37d5c8ce445634a44df03cf03d9aa2f7a74137d7fa50966e284dbf02d3662fa78f68acd5ebf80b3
Score

3^/10

execution
behavioral13 behavioral14
- Target
  
  Vulcan1.5 BETA/autorun/DotNetInterface.lua
- Size
  
  19KB
- MD5
  
  1dce4c5122636604f6ef299e5e6d8211
- SHA1
  
  b7149b4539315c699711403d85fc7b7d6943fb9d
- SHA256
  
  952bc6a8bfd0070566411ee88ca84f5a7f54c452a4e77790c84cb150595a443b
- SHA512
  
  705620c3b2a1bac7de12778fe953ed96c956f04b53c944907e00086fec2774b1202d424e6428c9e1daa0d49376a6f03b4de5b33e56c778c02f6cdcd76cb3ebe9
- SSDEEP
  
  192:DmA6x6gnQPYg7Zlzgng7/QgVgigbgggQ/egegmgKXh5XCZ1C1TRxvnW53ZgmdUMg:D6hQ9i27lKmUgQm
Score

3^/10

execution
behavioral15 behavioral16
- Target
  
  Vulcan1.5 BETA/autorun/JavaInfo.lua
- Size
  
  28KB
- MD5
  
  1bd760ada69fca61957f15955faa5909
- SHA1
  
  e445c15d1c6a8b239f30ea91b047d375408fc5cf
- SHA256
  
  aa530743076cac31f77260beac32b9e0e5b6983c2b3cbc8f348d8abf4f0c9c3b
- SHA512
  
  e4b57ac348a9d12b9f0be1c96591481d88219fb791d81386c0f66b08058a8182c692186d0eaa27482b427bdc73cd643d57ca3a047be8a52f5790d2abc51d5f5f
- SSDEEP
  
  768:u8A165AMalTUAXV/Odz3JJbeX94/TQIG0UDfCI:uEAfTUAUJ5EH
Score

3^/10

execution
behavioral17 behavioral18
- Target
  
  Vulcan1.5 BETA/autorun/JavaSearch.lua
- Size
  
  5KB
- MD5
  
  673fc378a0e09bf887e95ffa87d1ada7
- SHA1
  
  12a03af2c137e1dc079f417f67150a7bf70d55d2
- SHA256
  
  8af39e86394f7b56023753ca517bfdca29dc4f3dfe64a3310eafc21207a61e95
- SHA512
  
  dd06ddc7f8ffe6e1fcf142368e1e7035d2f3130b3124a223c9912258552d8984ad8daf12e72253df1c9271cbf1d59d2c40684c4fde5424af16e047882a90ae5e
- SSDEEP
  
  48:StC+Yv1YVq+5pVqZrSA5VixTM0GBHX9bM/oCOHuL6Ei2fqMII1qMII3nOZ22BWyn:KCVt8SFL3Ag0eFM1e19bKfuc275OU3
Score

3^/10

execution
behavioral19 behavioral20
- Target
  
  Vulcan1.5 BETA/autorun/MethodInvokeDialog.lua
- Size
  
  5KB
- MD5
  
  196b14ebdf8de3baf14bca42505990c6
- SHA1
  
  4f0ef4bfac987ba7b7eeab048453ed6eed8897fb
- SHA256
  
  eef6cfa2400ab5d1b4c59bbf3bdc977d5600ee07c3edc068de84b16eb48442dd
- SHA512
  
  5c2d4163a67b7eb2add77a3ab135e952c04067f62f41cc8db4e4eec7ef20ca299280e1902e53b65f8edbe2605071a96876daf48cb386095684c30a9127e27803
- SSDEEP
  
  96:1pcDQnDy6H+HdHjHbopbdf6vssaSaaHwuHymCvyrx1Ma+H5HndgbAH/Ey/6vi/+H:ncDQnG6H+HdHjHb4bdf6ksaSaaHwuHnj
Score

3^/10

execution
behavioral21 behavioral22
- Target
  
  Vulcan1.5 BETA/autorun/andtools.lua
- Size
  
  7KB
- MD5
  
  dbea35855b986c3e529d5f6dedbe5ef6
- SHA1
  
  3cc8db2ebed5b515ddb6a1cdf54066e8dc0485a7
- SHA256
  
  1142b59d9b5a918b637006fbcd7199c3d561ce08722ecaf192fbf2bcb9b0c3f1
- SHA512
  
  030fb90f1caaffde1dcdc72d74bbda7874e62171029704efb44e521eb46f2d1eb75a99e8314b7b72843bb1edd236c38f4266c081d471a56951bc29c5226c7250
- SSDEEP
  
  192:br0u5yjRAJgkv4a0vmIVn4vAP9dno/wF+j6IV5yG5A:b4uAjRQgg4tmIR8+95WLj95A
Score

3^/10

execution
behavioral23 behavioral24
- Target
  
  Vulcan1.5 BETA/autorun/autosave.LUA
- Size
  
  8KB
- MD5
  
  005a675ddbdf7e8359aab9af19dd7000
- SHA1
  
  2dc8ef7abbacff7c11bbdc3e7edfe95a9b2ddeea
- SHA256
  
  2102c2a017fe0c15d924891750f2108734c1f616bb8155db075109e4368a931e
- SHA512
  
  a756d3f6b4cfd8ac91d30f768f4d4ce3571250f484c6fe00e3e439062cb6a7eeef506799324c97b02e9367482dffb72ca599361a3261e95d203d645ac8bd267b
- SSDEEP
  
  192:77ODPchjfwp0nUubFgqXz/C/cozwzQtHdBLRs6:o90UKXxqXR
Score

3^/10

execution
behavioral25 behavioral26
- Target
  
  Vulcan1.5 BETA/autorun/babyce.lua
- Size
  
  14KB
- MD5
  
  2752eb057b40d4490c866315c6f50055
- SHA1
  
  0e228ca74cc7c15922e8fce81067cc0c6630257f
- SHA256
  
  1a0af003b24d7af4aac1da4f635dc2654b909ea4e377aa7f8100e1423fe56156
- SHA512
  
  33c3e6493efb708f06ad3ec2f6072cc24a0f62474734a2307347f43bc4a6e669dc03df9d954337c57aff4e3f7e19cefa0d9740390b2e54fc797c8e8f50e27ce9
- SSDEEP
  
  384:aapaXjubrqWBIsICp4vgbWj5fP24uH8pvn1ehUqmWcCGcZhaGNFwytpeuwFda:aawXSbrqWBIsIq4vgbWj5fP24w8pvE+Q
Score

3^/10

execution
behavioral27 behavioral28
- Target
  
  Vulcan1.5 BETA/autorun/bigendian.lua
- Size
  
  7KB
- MD5
  
  4b2ee1e7fcff5281b4f39698d8ca5a16
- SHA1
  
  9f1924319e471a58c6ee765eaa574baa95918b70
- SHA256
  
  ec62e56280d04a8abf6bd1261991a505b2e5901082d8e41c9a6a15592cc9ac27
- SHA512
  
  32128583eda5100278f94118bf0fc06c5d34a5812693597f90da4c4fa2303ca4a9e5e69d2f60565492532fdeaf9335272e96c4d2c4897559dede12987ff09bd9
- SSDEEP
  
  192:AQMWG73KlI7UQUWi7lKli7GQYWp7G7wDrcHZfBQQRT8Rw+:ANK7DKJPNTm1
Score

3^/10

execution
behavioral29 behavioral30
- Target
  
  Vulcan1.5 BETA/autorun/ceshare.lua
- Size
  
  13KB
- MD5
  
  b58b18c87bde2a935dcd06ded31b3c77
- SHA1
  
  ba8e40d11883ad892bb939dc0317393dc7399b0f
- SHA256
  
  c0a7ad4fd5bc521b04fea71e9d1023d9e36f88bb8f6a53e4e8e014923de4c7d9
- SHA512
  
  2785aa8957b07822f7e66cd5a9ef0369c21afba29d89bc525de13da43f9fda85a9635d9f3e1dcd56bcf45887645aa795355b0da1bcacfea511a92251b9bcaee3
- SSDEEP
  
  192:p1mSfPL5ThWRM8vLdyWR1hHS+6stplX7ZbaFYBY6tnGb:/fPjylLNkKW6tE
Score

3^/10

execution
behavioral31 behavioral32

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Command and Scripting Interpreter

T1059

JavaScript

T1059.007

Scheduled Task/Job

T1053

Persistence

Scheduled Task/Job

T1053

Privilege Escalation

Scheduled Task/Job

T1053

Defense Evasion

Modify Registry

T1112

Subvert Trust Controls

T1553

Install Root Certificate

T1553.004

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

Resubmissions

Sharing

General

Malware Config

Extracted

Targets

Async RAT payload

Checks computer location settings

Executes dropped EXE

MITRE ATT&CK Enterprise v15

Tasks

static1

behavioral1

behavioral2

behavioral3

behavioral4

behavioral5

behavioral6

behavioral7

behavioral8

behavioral9

behavioral10

behavioral11

behavioral12

behavioral13

behavioral14

behavioral15

behavioral16

behavioral17

behavioral18

behavioral19

behavioral20

behavioral21

behavioral22

behavioral23

behavioral24

behavioral25

behavioral26

behavioral27

behavioral28

behavioral29

behavioral30

behavioral31

behavioral32