asyncrat | 13af5dce278866f04c1b7c929b97010c9b057ca7201cde2c983a6a12c196dcb0 | Triage

Submit
Reports

Overview

overview

Static

static

3

13af5dce27...b0.exe

windows7-x64

6

13af5dce27...b0.exe

windows10-2004-x64

Sharing

General

Target

13af5dce278866f04c1b7c929b97010c9b057ca7201cde2c983a6a12c196dcb0
Size

3.5MB
Sample

240726-ljkcdstajf
MD5

3d65c83ef6cd531b1cea119ebaed6d4e
SHA1

dd34510ec94ccca3aad65d9956e62d99e214e9f8
SHA256

13af5dce278866f04c1b7c929b97010c9b057ca7201cde2c983a6a12c196dcb0
SHA512

a49634306f748433821dc246fe4624cb8f9ed1ba721ecb14ebddac9b13403d33cf58136bd2076d43abd40240166e96f91a14092b89fb962ab67fb69dd5711271
SSDEEP

98304:LVU8oNJUmv0ydoQK9q4YwjU4fyp/9EcdY11yyevzeXV:LVaOmiWV+11yyev

Score

10^/10

asyncrat defense_evasion discovery evasion persistence privilege_escalation rat

Static task

static1

1 signatures

Behavioral task

behavioral1

Sample

13af5dce278866f04c1b7c929b97010c9b057ca7201cde2c983a6a12c196dcb0.exe

Resource

win7-20240704-en

windows7-x64

3 signatures

150 seconds

Behavioral task

behavioral2

Sample

13af5dce278866f04c1b7c929b97010c9b057ca7201cde2c983a6a12c196dcb0.exe

Resource

win10v2004-20240709-en

asyncrat defense_evasion discovery evasion persistence privilege_escalation rat

windows10-2004-x64

25 signatures

150 seconds

Malware Config

Targets

- Target
  
  13af5dce278866f04c1b7c929b97010c9b057ca7201cde2c983a6a12c196dcb0
- Size
  
  3.5MB
- MD5
  
  3d65c83ef6cd531b1cea119ebaed6d4e
- SHA1
  
  dd34510ec94ccca3aad65d9956e62d99e214e9f8
- SHA256
  
  13af5dce278866f04c1b7c929b97010c9b057ca7201cde2c983a6a12c196dcb0
- SHA512
  
  a49634306f748433821dc246fe4624cb8f9ed1ba721ecb14ebddac9b13403d33cf58136bd2076d43abd40240166e96f91a14092b89fb962ab67fb69dd5711271
- SSDEEP
  
  98304:LVU8oNJUmv0ydoQK9q4YwjU4fyp/9EcdY11yyevzeXV:LVaOmiWV+11yyev
Score

10^/10

discovery asyncrat defense_evasion evasion persistence privilege_escalation rat
- AsyncRat
  AsyncRAT is designed to remotely monitor and control other computers written in C#.
  rat asyncrat
- Downloads MZ/PE file
- Modifies Windows Firewall
  evasion
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Loads dropped DLL
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
  discovery
- Enumerates connected drives
  Attempts to read the root path of hard drives other than the default C: drive.
- Indicator Removal: File Deletion
  Adversaries may delete files left behind by the actions of their intrusion activity.
  defense_evasion
- Suspicious use of NtSetInformationThreadHideFromDebugger
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Command and Scripting Interpreter

Persistence

Create or Modify System Process

Windows Service

Event Triggered Execution

Netsh Helper DLL

Privilege Escalation

Create or Modify System Process

Windows Service

Event Triggered Execution

Netsh Helper DLL

Defense Evasion

Impair Defenses

Disable or Modify System Firewall

Indicator Removal

File Deletion

Subvert Trust Controls

Install Root Certificate

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

Peripheral Device Discovery

System Location Discovery

System Language Discovery

System Network Connections Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Tasks

static1

behavioral1

behavioral2

asyncratdefense_evasiondiscoveryevasionpersistenceprivilege_escalationrat

© 2018-2024

Terms | Privacy