asyncrat | 09f0f7270df05c3dae84defc043db7b411a5f8610ea93a2c85dd98c7a927c47a | Triage

Submit
Reports

Overview

overview

Static

static

2aaea86616...64.exe

windows7-x64

2aaea86616...64.exe

windows10-2004-x64

Sharing

General

Target

2aaea866166221511fbd56b52f0cef64.exe
Size

45KB
Sample

240513-qy359sgh7s
MD5

2aaea866166221511fbd56b52f0cef64
SHA1

58fb45e8808e6b523ba942088a45a49e780e6f2f
SHA256

09f0f7270df05c3dae84defc043db7b411a5f8610ea93a2c85dd98c7a927c47a
SHA512

de4029ade64782692fd4fae84f60d74587b73220f180d4b2b362c0670d980f2a04ecd1ecca0afafb8fad43f3fb11eafdade3002bba1686137a55a74fe50fc379
SSDEEP

768:NuLN+TwQhclWUlNzWmo2qDMKjPGaG6PIyzjbFgX3iN8F0S6d+Aj6gBDZOx:NuLN+Twip2lKTkDy3bCXSNS2Rj62dOx

Score

10^/10

asyncrat xmrig zgrat default execution miner persistence rat spyware stealer

Static task

static1

rat default asyncrat

3 signatures

Behavioral task

behavioral1

Sample

2aaea866166221511fbd56b52f0cef64.exe

Resource

win7-20240221-en

asyncrat xmrig zgrat default execution miner persistence rat spyware stealer

windows7-x64

19 signatures

150 seconds

Behavioral task

behavioral2

Sample

2aaea866166221511fbd56b52f0cef64.exe

Resource

win10v2004-20240508-en

asyncrat xmrig zgrat default execution miner persistence rat spyware stealer

windows10-2004-x64

19 signatures

150 seconds

Malware Config

Extracted

Family

asyncrat

Version

0.5.8

Botnet

Default

C2

94.228.162.82:6606

94.228.162.82:7707

94.228.162.82:8808

Mutex

nZrC1RL7rHnC

Attributes

delay
3
install
true
install_file
appBroker.exe
install_folder
%AppData%

aes.plain

Targets

- Target
  
  2aaea866166221511fbd56b52f0cef64.exe
- Size
  
  45KB
- MD5
  
  2aaea866166221511fbd56b52f0cef64
- SHA1
  
  58fb45e8808e6b523ba942088a45a49e780e6f2f
- SHA256
  
  09f0f7270df05c3dae84defc043db7b411a5f8610ea93a2c85dd98c7a927c47a
- SHA512
  
  de4029ade64782692fd4fae84f60d74587b73220f180d4b2b362c0670d980f2a04ecd1ecca0afafb8fad43f3fb11eafdade3002bba1686137a55a74fe50fc379
- SSDEEP
  
  768:NuLN+TwQhclWUlNzWmo2qDMKjPGaG6PIyzjbFgX3iN8F0S6d+Aj6gBDZOx:NuLN+Twip2lKTkDy3bCXSNS2Rj62dOx
Score

10^/10

asyncrat xmrig zgrat default execution miner persistence rat spyware stealer
- AsyncRat
  AsyncRAT is designed to remotely monitor and control other computers written in C#.
  rat asyncrat
- Detect ZGRat V1
- XMRig Miner payload
  miner
- ZGRat
  ZGRat is remote access trojan written in C#.
  rat zgrat
- xmrig
  XMRig is a high performance, open source, cross platform CPU/GPU miner.
  miner xmrig
- Async RAT payload
  rat
- Downloads MZ/PE file
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Loads dropped DLL
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Adds Run key to start application
  persistence
- Command and Scripting Interpreter: PowerShell
  Start PowerShell.
  execution
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Command and Scripting Interpreter

PowerShell

Scheduled Task/Job

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Scheduled Task/Job

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Scheduled Task/Job

Defense Evasion

Modify Registry

Credential Access

Unsecured Credentials

Credentials In Files

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Data from Local System

Command and Control

Exfiltration

Impact

Tasks

static1

ratdefaultasyncrat

behavioral1

asyncratxmrigzgratdefaultexecutionminerpersistenceratspywarestealer

behavioral2

asyncratxmrigzgratdefaultexecutionminerpersistenceratspywarestealer

© 2018-2024

Terms | Privacy