asyncrat | 9fe019bc58d7696c3658ebe88f4a7d2cee682236872353ffe4bd92fd86c18be9 | Triage

Submit
Reports

Overview

overview

Static

static

temps.exe

windows7-x64

temps.exe

windows10-2004-x64

Sharing

General

Target

temps.exe
Size

63KB
Sample

240615-whn93azard
MD5

bf056ef6ab656719cc5b1a0efaac990b
SHA1

14e0ed9edeb65a47aa1a14bd94a6c72293b1c787
SHA256

9fe019bc58d7696c3658ebe88f4a7d2cee682236872353ffe4bd92fd86c18be9
SHA512

a23d0e24e287a232ebfc0bd35b4922693743dc8b6885a159bdf71d972cc3e3a104ba2dcf5487acba5175902946a332940c48e37b31bb76f245b090a7444e0929
SSDEEP

768:b7yb0xqDayjrHrN78xIC8A+Xjzwyr3aLhAwqhJTFAR9n1+T4GSBGHmDbDcph0oWN:CQMLVv6hALhJmRYUbyhY/5ukdpqKmY7

Score

10^/10

asyncrat default rat

Static task

static1

rat default asyncrat

3 signatures

Behavioral task

behavioral1

Sample

temps.exe

Resource

win7-20240508-en

asyncrat default rat

windows7-x64

11 signatures

150 seconds

Behavioral task

behavioral2

Sample

temps.exe

Resource

win10v2004-20240508-en

asyncrat default rat

windows10-2004-x64

12 signatures

150 seconds

Malware Config

Extracted

Family

asyncrat

Botnet

Default

C2

0.tcp.eu.ngrok.io:14406

Attributes

delay
1
install
true
install_file
ALSO.exe
install_folder
%Temp%

aes.plain

Targets

- Target
  
  temps.exe
- Size
  
  63KB
- MD5
  
  bf056ef6ab656719cc5b1a0efaac990b
- SHA1
  
  14e0ed9edeb65a47aa1a14bd94a6c72293b1c787
- SHA256
  
  9fe019bc58d7696c3658ebe88f4a7d2cee682236872353ffe4bd92fd86c18be9
- SHA512
  
  a23d0e24e287a232ebfc0bd35b4922693743dc8b6885a159bdf71d972cc3e3a104ba2dcf5487acba5175902946a332940c48e37b31bb76f245b090a7444e0929
- SSDEEP
  
  768:b7yb0xqDayjrHrN78xIC8A+Xjzwyr3aLhAwqhJTFAR9n1+T4GSBGHmDbDcph0oWN:CQMLVv6hALhJmRYUbyhY/5ukdpqKmY7
Score

10^/10

asyncrat default rat
- AsyncRat
  AsyncRAT is designed to remotely monitor and control other computers written in C#.
  rat asyncrat
- Async RAT payload
  rat
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Legitimate hosting services abused for malware hosting/C2
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Scheduled Task/Job

Persistence

Scheduled Task/Job

Privilege Escalation

Scheduled Task/Job

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Web Service

Impact

Resource Development

Reconnaissance

Tasks

static1

ratdefaultasyncrat

behavioral1

asyncratdefaultrat

behavioral2

asyncratdefaultrat

© 2018-2024

Terms | Privacy