asyncrat

Sharing

Copy URL

Twitter E-mail

General

Target

MedicareSign.zip
Size

10.1MB
Sample

240715-j79abazcre
MD5

d5f1c6df24f165f9012d1068a693c1be
SHA1

8abd23316ab18861f4817704a5ad9aef3dc87f9d
SHA256

bb227aa7b0404ccac254372c91ddf2e307526aa82ed9c4ecd3e495c38a6b4552
SHA512

82590236958a1d7c6681eeaa2bbb7f8bc3489e6b73bffe472a7dc13aec45d87ee1b992e3154e8d55d1942ffadc5165d6530407b55d76e2331c32a4762b515fdf
SSDEEP

196608:ZeDsDsiGV9/Mk6FpejSJ7ZYM3TTKuln392pzzsnlTob+ykuli:ZeQDS/EcSJb/Kuln3kpknJo7/i

Score

10^/10

Malware Config

Extracted

Family

asyncrat

Version

Venom RAT + HVNC + Stealer + Grabber v6.0.2

Botnet

Default

41.216.183.111:4449

Mutex

kcnzlaqzjkle

Attributes

delay
1
install
false
install_folder
%AppData%

aes.plain

Targets

- Target
  
  MedicareSign.zip
- Size
  
  10.1MB
- MD5
  
  d5f1c6df24f165f9012d1068a693c1be
- SHA1
  
  8abd23316ab18861f4817704a5ad9aef3dc87f9d
- SHA256
  
  bb227aa7b0404ccac254372c91ddf2e307526aa82ed9c4ecd3e495c38a6b4552
- SHA512
  
  82590236958a1d7c6681eeaa2bbb7f8bc3489e6b73bffe472a7dc13aec45d87ee1b992e3154e8d55d1942ffadc5165d6530407b55d76e2331c32a4762b515fdf
- SSDEEP
  
  196608:ZeDsDsiGV9/Mk6FpejSJ7ZYM3TTKuln392pzzsnlTob+ykuli:ZeQDS/EcSJb/Kuln3kpknJo7/i
Score

1^/10
behavioral1 behavioral2
- Target
  
  MedicareSign/AstCrp.dll
- Size
  
  171KB
- MD5
  
  dbb4bccfe8fee299d555a19865c41921
- SHA1
  
  a6c494854ca8bec80c05e259a9d8d9346ec61786
- SHA256
  
  45e87d7421b6b65c207e8d564a4e54dcdab7b104b83341f63d348f8894bde992
- SHA512
  
  5b5b6091655801c984e87a5de4b8c3771b7ff8a069206662650ba652711db48a4912a613015c2254215ccbd252c475c4a4f00efcb1e0dfb404c6736746a187a4
- SSDEEP
  
  3072:SNqEUD0UXALbdEHP5HJ1XDhaWwJ/kYc3e2uYOAg0FujDX8fLa/DNqulyZpx:IUqVy1Xta7tkV2AOHkulU
Score

1^/10
behavioral3 behavioral4
- Target
  
  MedicareSign/MedicareStart.exe
- Size
  
  8.6MB
- MD5
  
  679368412fd482fe978a21313d2a89c5
- SHA1
  
  6267e3e28881a462d91ec8e558d2988ef8030b6b
- SHA256
  
  beffe9a402b7721009674866ad773008c90b6af543973abdfb81391af4eb7146
- SHA512
  
  2f730f6d77d951ede98653b362f8affa331588bf21a60539a60eee23d912ec5d73ca2a05b69e7e7c047b2c264b8b2c260b4f866515238ffbc2b60a1c11b6270c
- SSDEEP
  
  196608:x/lCUxPzli/Aj+D70ajqqRVkmSEg8uW4BLFeQAizx:x/lCU1Q/Aj+D70ajqqRVzS9vW43zx
Score

10^/10

upx asyncrat default rat
- AsyncRat
  AsyncRAT is designed to remotely monitor and control other computers written in C#.
  rat asyncrat
- Async RAT payload
  rat
- UPX packed file
  Detects executables packed with UPX/modified UPX open source packer.
  upx
behavioral5 behavioral6
- Target
  
  MedicareSign/SHFolder.dll
- Size
  
  841KB
- MD5
  
  8d2c92d7cedd77f3eff8b383d5556f0c
- SHA1
  
  dcbead38c732ccfb4593a0a867f19ec9b4a9d2e7
- SHA256
  
  8df137226893144ce0b62593bd3c27874958e00cac5640e49d5d7dcfcd09d92c
- SHA512
  
  747915cb4c6f4ce8e664600b3c7cd14804c412f08fd28bbe26d31e54553f4f5669312c1267d9e4452b1516805d6716f3d952e58f327f0a07e8b392f047166ca2
- SSDEEP
  
  12288:G+ywRzslg0tInWI6wCZj6+AR2a3zCoST0DMakA/4KQd+iEtUz:dNWLjjERHfDDl4KQd+iEtUz
Score

10^/10

asyncrat default rat upx
- AsyncRat
  AsyncRAT is designed to remotely monitor and control other computers written in C#.
  rat asyncrat
- Async RAT payload
  rat
- Blocklisted process makes network request
- UPX packed file
  Detects executables packed with UPX/modified UPX open source packer.
  upx
behavioral7 behavioral8
- Target
  
  MedicareSign/astclient.dll
- Size
  
  675KB
- MD5
  
  7bf95a14483346eae890e6f4354c74a8
- SHA1
  
  7de11b13cfe609d454bdd1393ed3d79a127c1b7c
- SHA256
  
  719f267e41c95e36f99f5da0b9d5d70054d3e9c16e99fb1122948382b976d614
- SHA512
  
  ef8b24e6079f05b3f1253e4487e1426639ceb5c1e13ca80046debd224353280e921ea765958f5b3f564983992a294e0242fd7bf4753cce24c51caa86557b51fe
- SSDEEP
  
  12288:eVX2O3PmDFam0YxykOeH74CMDEnvpWua1ph0lhSMXlCIVktHFlAP:QGMmbjxyk144vpWukh0lhSMXlaDAP
Score

5^/10
- Drops file in System32 directory
behavioral10 behavioral9
- Target
  
  MedicareSign/astprint.dll
- Size
  
  14KB
- MD5
  
  02f50ce43aa143a0a933036d4897879e
- SHA1
  
  0cc00f804fb902f7420fcbe8633a0991c7e1f49c
- SHA256
  
  9b1231d03c4cc88cca0dd224cb4059e2cfadeff9a5ef9f082c1da99e4ca95360
- SHA512
  
  da7573f2cb76798fc4845284857540cf4093228084f30b9230497268fd6a5e60a9246b63a5915b3dd192e60143e4fc17427d6c316392de1be60071dec57d686f
- SSDEEP
  
  192:J8QxCQybcQQybzW6kwCiEHio27aefHix86Tq7Y4odAUhUZQwg2G4lYqufZnIcfx:PVkntCi0GtCxXBhge4GfZIcfx
Score

3^/10
behavioral11 behavioral12
- Target
  
  MedicareSign/config.ini
- Size
  
  592B
- MD5
  
  d0194a86163e4edc6df8d7d18e05e94f
- SHA1
  
  a6fa3081d4b52ad403cb7e6328323145f825db9d
- SHA256
  
  bf98bf21fe2e415b0ddcfca143f1470672a621e0b6bf6688c66e0ea32fc38f26
- SHA512
  
  332dfcb032304b027ba71e9e2f61d828834ee18aca9bd36b3774ee9187550b0b760d2ec9bd55d7bb05c38aa4ea27156dcd56abb302d487dad24cc37338d9856a
Score

1^/10
behavioral13 behavioral14
- Target
  
  MedicareSign/eng.lng
- Size
  
  41KB
- MD5
  
  a210c2a3609b1c03df6d0219f74fc543
- SHA1
  
  78888e250c8af963268ebc467319d71a5061db6b
- SHA256
  
  3a968020e1532ecaffaef3be8f15b6ecbac3d58d129eb92511deca6904d215f5
- SHA512
  
  7e866eb3aa958d0ba2132044d7569ac97b20d712372b7343215f8383400231a12b502437a5984f376c81e50aa88b56037767514f94cd33f582b6b5c479f70ed5
- SSDEEP
  
  768:PkMuRwIvheHUkBgZs+0f/G4xI5IWbCPZLBC3RaNq3MDikSwTkAN:PKRvc/24OIWGPnsF3MDikbBN
Score

3^/10
behavioral15 behavioral16
- Target
  
  MedicareSign/rus.lng
- Size
  
  46KB
- MD5
  
  4f72ebbb21a28ef673687332542300b9
- SHA1
  
  97728fa855847e50d0bb1d139c4d1e10e79a3253
- SHA256
  
  ac761219f646ef9fbab4816c93a3754e9f6cb988872a1951e7f78acb799ba01e
- SHA512
  
  9f363dbc28a0d91ece3945631d89a2941f46959e8cf53c845394782854cd92ef922c27ec2cc3f0e82ee35271a0c4ea58d2fd62f098902e07271df00707278105
- SSDEEP
  
  768:bm9Qflsx38ZvCbPiyE1nvdm9tabMNfXGDdCCncTl4NRE6SjgQyPBhYgA/pCqFomU:69QflaIuib1AHabMNfXcdtncTl4NS6Ss
Score

3^/10
behavioral17 behavioral18
- Target
  
  __MACOSX/._MedicareSign
- Size
  
  276B
- MD5
  
  d16decad95607c5def284c3e7bd17523
- SHA1
  
  498544433a1128df9a850431971403945e42d139
- SHA256
  
  c2f4d1605bde8982981ca84e8f0369057d4a32b0b97dda128b5011fdc57ed55e
- SHA512
  
  5cab48c3cd05a9d68aaf6a64cc484d08250cf8ebea715aa9188ef9adf2740f0974c889b4f0776f845299944cbab55dd26520338505cfcc07529ec9982436ef8a
Score

3^/10
behavioral19 behavioral20
- Target
  
  __MACOSX/MedicareSign/._AstCrp.dll
- Size
  
  176B
- MD5
  
  d77d402b36b663889ad1ced2174dfc28
- SHA1
  
  743ee3fae3f2d6da885ef850566faf17b3609f7a
- SHA256
  
  879a0534c76af04a7bc6a6d15f64e9d156c909f05c11852cbf20c3890737b6c1
- SHA512
  
  d86d8e6e185596eb86b3af288e64bbdef4f4945bb415a76316d7451b02172ca9b69d6e13b71b7d8a641414df6668e596b481ace7490215d51cfc7c5464e403d2
Score

1^/10
behavioral21 behavioral22
- Target
  
  __MACOSX/MedicareSign/._MedicareStart.exe
- Size
  
  176B
- MD5
  
  d77d402b36b663889ad1ced2174dfc28
- SHA1
  
  743ee3fae3f2d6da885ef850566faf17b3609f7a
- SHA256
  
  879a0534c76af04a7bc6a6d15f64e9d156c909f05c11852cbf20c3890737b6c1
- SHA512
  
  d86d8e6e185596eb86b3af288e64bbdef4f4945bb415a76316d7451b02172ca9b69d6e13b71b7d8a641414df6668e596b481ace7490215d51cfc7c5464e403d2
Score

1^/10
behavioral23 behavioral24
- Target
  
  __MACOSX/MedicareSign/._SHFolder.dll
- Size
  
  176B
- MD5
  
  d77d402b36b663889ad1ced2174dfc28
- SHA1
  
  743ee3fae3f2d6da885ef850566faf17b3609f7a
- SHA256
  
  879a0534c76af04a7bc6a6d15f64e9d156c909f05c11852cbf20c3890737b6c1
- SHA512
  
  d86d8e6e185596eb86b3af288e64bbdef4f4945bb415a76316d7451b02172ca9b69d6e13b71b7d8a641414df6668e596b481ace7490215d51cfc7c5464e403d2
Score

1^/10
behavioral25 behavioral26
- Target
  
  __MACOSX/MedicareSign/._astclient.dll
- Size
  
  176B
- MD5
  
  d77d402b36b663889ad1ced2174dfc28
- SHA1
  
  743ee3fae3f2d6da885ef850566faf17b3609f7a
- SHA256
  
  879a0534c76af04a7bc6a6d15f64e9d156c909f05c11852cbf20c3890737b6c1
- SHA512
  
  d86d8e6e185596eb86b3af288e64bbdef4f4945bb415a76316d7451b02172ca9b69d6e13b71b7d8a641414df6668e596b481ace7490215d51cfc7c5464e403d2
Score

1^/10
behavioral27 behavioral28
- Target
  
  __MACOSX/MedicareSign/._astprint.dll
- Size
  
  176B
- MD5
  
  d77d402b36b663889ad1ced2174dfc28
- SHA1
  
  743ee3fae3f2d6da885ef850566faf17b3609f7a
- SHA256
  
  879a0534c76af04a7bc6a6d15f64e9d156c909f05c11852cbf20c3890737b6c1
- SHA512
  
  d86d8e6e185596eb86b3af288e64bbdef4f4945bb415a76316d7451b02172ca9b69d6e13b71b7d8a641414df6668e596b481ace7490215d51cfc7c5464e403d2
Score

1^/10
behavioral29 behavioral30
- Target
  
  __MACOSX/MedicareSign/._astrct.dll
- Size
  
  176B
- MD5
  
  d77d402b36b663889ad1ced2174dfc28
- SHA1
  
  743ee3fae3f2d6da885ef850566faf17b3609f7a
- SHA256
  
  879a0534c76af04a7bc6a6d15f64e9d156c909f05c11852cbf20c3890737b6c1
- SHA512
  
  d86d8e6e185596eb86b3af288e64bbdef4f4945bb415a76316d7451b02172ca9b69d6e13b71b7d8a641414df6668e596b481ace7490215d51cfc7c5464e403d2
Score

1^/10
behavioral31 behavioral32

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

Sharing

General

Malware Config

Extracted

Targets

Async RAT payload

UPX packed file

AsyncRat

Async RAT payload

Blocklisted process makes network request

UPX packed file

Drops file in System32 directory

MITRE ATT&CK Enterprise v15

Tasks

static1

behavioral1

behavioral2

behavioral3

behavioral4

behavioral5

behavioral6

behavioral7

behavioral8

behavioral9

behavioral10

behavioral11

behavioral12

behavioral13

behavioral14

behavioral15

behavioral16

behavioral17

behavioral18

behavioral19

behavioral20

behavioral21

behavioral22

behavioral23

behavioral24

behavioral25

behavioral26

behavioral27

behavioral28

behavioral29

behavioral30

behavioral31

behavioral32