asyncrat | 11948c9b0bb30505094e237e91f2eae6b4bd32710983732c917d398bc2b7618a | Triage

Sharing

General

Target

FreebsdSensitive.exe
Size

739KB
Sample

240527-vwyvzsbd7v
MD5

e52dec7860f62f934e934966801f3eb3
SHA1

1220eabda84623ce3d1649b491513291bff31513
SHA256

11948c9b0bb30505094e237e91f2eae6b4bd32710983732c917d398bc2b7618a
SHA512

aeb568388d18e02d7e792ce6d62ca4b29b3973a671fe804aece60f26d2b0f0c8a1cb43b92fb03eaf44cf400dadd05fadcf1f2b6a8b21dfb26ecdd43902751506
SSDEEP

12288:vHadwSQZsCJCzmFyinp17VuYkPMZqN0H+68AJV78u5jiqSDGeeLtOUQYWCaGEk:PadNQZsCYzmFy01gzoZeFuVou5m1Geej

Score

10^/10

asyncrat fwzcrypt rat spyware stealer

Malware Config

Extracted

Family

asyncrat

Version

AWS | 3Losh

Botnet

Fwzcrypt

C2

alertazazws123.ddnsgeek.com:7707

Mutex

AsyncMutex_shwdfee

Attributes

delay
3
install
false
install_folder
%AppData%

aes.plain

Targets

- Target
  
  FreebsdSensitive.exe
- Size
  
  739KB
- MD5
  
  e52dec7860f62f934e934966801f3eb3
- SHA1
  
  1220eabda84623ce3d1649b491513291bff31513
- SHA256
  
  11948c9b0bb30505094e237e91f2eae6b4bd32710983732c917d398bc2b7618a
- SHA512
  
  aeb568388d18e02d7e792ce6d62ca4b29b3973a671fe804aece60f26d2b0f0c8a1cb43b92fb03eaf44cf400dadd05fadcf1f2b6a8b21dfb26ecdd43902751506
- SSDEEP
  
  12288:vHadwSQZsCJCzmFyinp17VuYkPMZqN0H+68AJV78u5jiqSDGeeLtOUQYWCaGEk:PadNQZsCYzmFy01gzoZeFuVou5m1Geej
Score

10^/10

asyncrat fwzcrypt rat spyware stealer
- AsyncRat
  AsyncRAT is designed to remotely monitor and control other computers written in C#.
  rat asyncrat
- Suspicious use of NtCreateUserProcessOtherParentProcess
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Drops startup file
- Executes dropped EXE
- Loads dropped DLL
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Unsecured Credentials

Credentials In Files

Discovery

Process Discovery

Query Registry

Remote System Discovery

System Information Discovery

Lateral Movement

Collection

Data from Local System

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

asyncratfwzcryptratspywarestealer

behavioral2

asyncratfwzcryptratspywarestealer