asyncrat | 06f29306b273c4678e13d5d7a80ae9f5dc093da51e4115b5fe4a6ef7b1051103 | Triage

Sharing

General

Target

6371ea90e02125b4d7b56dfa46102c29.exe
Size

867KB
Sample

240709-skk4ms1flh
MD5

6371ea90e02125b4d7b56dfa46102c29
SHA1

0caebead6d4249fa5816a5f4dd88912a92cf642c
SHA256

06f29306b273c4678e13d5d7a80ae9f5dc093da51e4115b5fe4a6ef7b1051103
SHA512

4e19af51caf876c079628fcc6739f1b3b0ee08baa1d1e0437d626bc7e88513e7c987f4774b59a559dad02178b72ae20e2b680a2a23f4ebea305eeedf0d46f254
SSDEEP

24576:DJcQ1zPUeoAz92RkwbK8CB9FR4y/EOijf:d71oAz92Rhe8CBCVO

Score

10^/10

asyncrat ca$hflow$rat spyware stealer

Malware Config

Extracted

Family

asyncrat

Version

| Edit by Vinom Rat

Botnet

CA$HFLOW$

C2

144.126.149.221:0077

hfccgv.loseyourip.com:0077

Mutex

AsyncMutex_JKAD8FJA7U2

Attributes

delay
3
install
false
install_file
CCLEANER.exe
install_folder
%AppData%

aes.plain

Targets

- Target
  
  6371ea90e02125b4d7b56dfa46102c29.exe
- Size
  
  867KB
- MD5
  
  6371ea90e02125b4d7b56dfa46102c29
- SHA1
  
  0caebead6d4249fa5816a5f4dd88912a92cf642c
- SHA256
  
  06f29306b273c4678e13d5d7a80ae9f5dc093da51e4115b5fe4a6ef7b1051103
- SHA512
  
  4e19af51caf876c079628fcc6739f1b3b0ee08baa1d1e0437d626bc7e88513e7c987f4774b59a559dad02178b72ae20e2b680a2a23f4ebea305eeedf0d46f254
- SSDEEP
  
  24576:DJcQ1zPUeoAz92RkwbK8CB9FR4y/EOijf:d71oAz92Rhe8CBCVO
Score

10^/10

asyncrat ca$hflow$rat spyware stealer
- AsyncRat
  AsyncRAT is designed to remotely monitor and control other computers written in C#.
  rat asyncrat
- Suspicious use of NtCreateUserProcessOtherParentProcess
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Drops startup file
- Executes dropped EXE
- Loads dropped DLL
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Unsecured Credentials

Credentials In Files

Discovery

Process Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Data from Local System

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

asyncratca$hflow$ratspywarestealer

behavioral2

asyncratca$hflow$ratspywarestealer