asyncrat | c1b1fabf3da9baf3d63792802c211736dcc8f398ec4d59045284f75cb3d7d49c | Triage

Submit
Reports

Overview

overview

Static

static

3

c1b1fabf3d...9c.exe

windows7-x64

c1b1fabf3d...9c.exe

windows10-2004-x64

Sharing

General

Target

c1b1fabf3da9baf3d63792802c211736dcc8f398ec4d59045284f75cb3d7d49c.exe
Size

339KB
Sample

240522-cslr5shd6s
MD5

3b3329be5d126e62ea8d68e39c4b31ef
SHA1

18c7b121b0b4a303ad797374a1bbc6756364379c
SHA256

c1b1fabf3da9baf3d63792802c211736dcc8f398ec4d59045284f75cb3d7d49c
SHA512

70079c6e87e7a7e1754c8ea5848f06dc4512226fd87a5b677716e41844ac0ba2bda81e6885ad3555b3ed2432ac3830e427564d09d41dd1ec3d27a7c3eb77d02a
SSDEEP

6144:UukEhlxtM+hkmVvIF9OLTulOuVIYfeVrwGZy50uSvOKaxuAyEOEFMy0:U5utTx+s+50u/KmuAagr

Score

10^/10

asyncrat neq rat spyware stealer

Static task

static1

1 signatures

Behavioral task

behavioral1

Sample

c1b1fabf3da9baf3d63792802c211736dcc8f398ec4d59045284f75cb3d7d49c.exe

Resource

win7-20240221-en

asyncrat neq rat spyware stealer

windows7-x64

11 signatures

150 seconds

Behavioral task

behavioral2

Sample

c1b1fabf3da9baf3d63792802c211736dcc8f398ec4d59045284f75cb3d7d49c.exe

Resource

win10v2004-20240426-en

asyncrat neq rat spyware stealer

windows10-2004-x64

11 signatures

150 seconds

Malware Config

Extracted

Family

asyncrat

Version

AWS | 3Losh

Botnet

neq

C2

goodone.loseyourip.com:6606

goodone.loseyourip.com:7707

goodone.loseyourip.com:8808

Mutex

AsyncMutex_adnocxxs

Attributes

delay
3
install
false
install_folder
%AppData%

aes.plain

Targets

- Target
  
  c1b1fabf3da9baf3d63792802c211736dcc8f398ec4d59045284f75cb3d7d49c.exe
- Size
  
  339KB
- MD5
  
  3b3329be5d126e62ea8d68e39c4b31ef
- SHA1
  
  18c7b121b0b4a303ad797374a1bbc6756364379c
- SHA256
  
  c1b1fabf3da9baf3d63792802c211736dcc8f398ec4d59045284f75cb3d7d49c
- SHA512
  
  70079c6e87e7a7e1754c8ea5848f06dc4512226fd87a5b677716e41844ac0ba2bda81e6885ad3555b3ed2432ac3830e427564d09d41dd1ec3d27a7c3eb77d02a
- SSDEEP
  
  6144:UukEhlxtM+hkmVvIF9OLTulOuVIYfeVrwGZy50uSvOKaxuAyEOEFMy0:U5utTx+s+50u/KmuAagr
Score

10^/10

asyncrat neq rat spyware stealer
- AsyncRat
  AsyncRAT is designed to remotely monitor and control other computers written in C#.
  rat asyncrat
- Detect binaries embedding considerable number of cryptocurrency wallet browser extension IDs.
- Detects file containing reversed ASEP Autorun registry keys
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Scheduled Task/Job

Persistence

Scheduled Task/Job

Privilege Escalation

Scheduled Task/Job

Defense Evasion

Credential Access

Unsecured Credentials

Credentials In Files

Discovery

Query Registry

Lateral Movement

Collection

Data from Local System

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

asyncratneqratspywarestealer

behavioral2

asyncratneqratspywarestealer

© 2018-2024

Terms | Privacy