asyncrat | 73cd0a128abf1c8d63ec550c4eef392bef06afc13867cd08fd1150157f2022af | Triage

Sharing

General

Target

9236138b3e06a43e09af78ebe2471930_NeikiAnalytics.exe
Size

5.5MB
Sample

240520-c4dkxagd6t
MD5

9236138b3e06a43e09af78ebe2471930
SHA1

f8c11efa85dfdd424fb7f906ec5795ac07cfd8a2
SHA256

73cd0a128abf1c8d63ec550c4eef392bef06afc13867cd08fd1150157f2022af
SHA512

54d6f5d64bbe183188603c2faca3778b6abfd17573d861774e51bb56464773de5465aed26e947e4fa3360a76348ba5ea3703da5b146917700a9c4ece3ed79da4
SSDEEP

98304:GAsBbQ2H/oEMjghbO76uAqrngBNXsH7zMdDwPgQcM3qn8V/cwduNJKf+tLNTVGa:wRf/JTNXsH7z0DwPgdvwduGf67Ga

Score

10^/10

asyncrat risepro default persistence rat stealer

Malware Config

Extracted

Family

asyncrat

Version

1.0.7

Botnet

Default

C2

94.232.249.90:8848

Mutex

kalhf_nkjadhfjk333jvn

Attributes

delay
1
install
false
install_folder
%AppData%

aes.plain

Targets

- Target
  
  9236138b3e06a43e09af78ebe2471930_NeikiAnalytics.exe
- Size
  
  5.5MB
- MD5
  
  9236138b3e06a43e09af78ebe2471930
- SHA1
  
  f8c11efa85dfdd424fb7f906ec5795ac07cfd8a2
- SHA256
  
  73cd0a128abf1c8d63ec550c4eef392bef06afc13867cd08fd1150157f2022af
- SHA512
  
  54d6f5d64bbe183188603c2faca3778b6abfd17573d861774e51bb56464773de5465aed26e947e4fa3360a76348ba5ea3703da5b146917700a9c4ece3ed79da4
- SSDEEP
  
  98304:GAsBbQ2H/oEMjghbO76uAqrngBNXsH7zMdDwPgQcM3qn8V/cwduNJKf+tLNTVGa:wRf/JTNXsH7z0DwPgdvwduGf67Ga
Score

10^/10

asyncrat risepro default persistence rat stealer
- AsyncRat
  AsyncRAT is designed to remotely monitor and control other computers written in C#.
  rat asyncrat
- RisePro
  RisePro stealer is an infostealer distributed by PrivateLoader.
  stealer risepro
- Adds Run key to start application
  persistence
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Defense Evasion

Modify Registry

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

asyncratriseprodefaultpersistenceratstealer

behavioral2

asyncratriseprodefaultpersistenceratstealer