asyncrat | a32ad92bc669d691f17c943761f30ebbdc17e85054595c648d78c1015ffcebb9 | Triage

Submit
Reports

Overview

overview

Static

static

7

MailAcessC...ky.exe

windows7-x64

MailAcessC...ky.exe

windows10-2004-x64

Sharing

General

Target

MailAcessCheckerbyxRisky.exe
Size

10.4MB
Sample

240803-lxfalavcqb
MD5

0bfe538046352ebb0d7b5fcd50a287ad
SHA1

e76a0b5d42648df99604079af74931a333703ef3
SHA256

a32ad92bc669d691f17c943761f30ebbdc17e85054595c648d78c1015ffcebb9
SHA512

e938f69267ed773f26ec8b7d47d98b127c6f659ef04fde925484a1e755e20b435d61a2d3822274e23db48caaa1574c51ce3cb5c87c8c24109998bb0e0a58bfd2
SSDEEP

196608:+6JnRoCYJnksvvcHbMdYWSm2iLRoyru5Q2ZGe/QDbA0SnTbja57K4q6:FPoVJnpqi+6XySReIqHjaQ4q

Score

10^/10

asyncrat discovery evasion rat themida trojan

Static task

static1

2 signatures

Behavioral task

behavioral1

Sample

MailAcessCheckerbyxRisky.exe

Resource

win7-20240705-en

asyncrat discovery evasion rat themida trojan

windows7-x64

18 signatures

150 seconds

Behavioral task

behavioral2

Sample

MailAcessCheckerbyxRisky.exe

Resource

win10v2004-20240802-en

asyncrat discovery evasion rat themida trojan

windows10-2004-x64

19 signatures

150 seconds

Malware Config

Extracted

Family

asyncrat

Version

| Edit 3LOSH RAT

Mutex

AsyncMutex_7SI8OkPnk

Attributes

delay
3
install
true
install_file
ContainerRuntime.exe
install_folder
%AppData%
pastebin_config
https://pastebin.com/raw/Kb8rTgY7

aes.plain

Targets

- Target
  
  MailAcessCheckerbyxRisky.exe
- Size
  
  10.4MB
- MD5
  
  0bfe538046352ebb0d7b5fcd50a287ad
- SHA1
  
  e76a0b5d42648df99604079af74931a333703ef3
- SHA256
  
  a32ad92bc669d691f17c943761f30ebbdc17e85054595c648d78c1015ffcebb9
- SHA512
  
  e938f69267ed773f26ec8b7d47d98b127c6f659ef04fde925484a1e755e20b435d61a2d3822274e23db48caaa1574c51ce3cb5c87c8c24109998bb0e0a58bfd2
- SSDEEP
  
  196608:+6JnRoCYJnksvvcHbMdYWSm2iLRoyru5Q2ZGe/QDbA0SnTbja57K4q6:FPoVJnpqi+6XySReIqHjaQ4q
Score

10^/10

asyncrat discovery evasion rat themida trojan
- AsyncRat
  AsyncRAT is designed to remotely monitor and control other computers written in C#.
  rat asyncrat
- Async RAT payload
  rat
- Identifies VirtualBox via ACPI registry values (likely anti-VM)
  evasion
- Checks BIOS information in registry
  BIOS information is often read in order to detect sandboxing environments.
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Loads dropped DLL
- Themida packer
  Detects Themida, an advanced Windows software protection system.
  themida
- Checks whether UAC is enabled
  evasion trojan
- Legitimate hosting services abused for malware hosting/C2
- Suspicious use of NtSetInformationThreadHideFromDebugger
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Scheduled Task/Job

Scheduled Task

Persistence

Scheduled Task/Job

Scheduled Task

Privilege Escalation

Scheduled Task/Job

Scheduled Task

Defense Evasion

Virtualization/Sandbox Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

System Location Discovery

System Language Discovery

Virtualization/Sandbox Evasion

Lateral Movement

Collection

Command and Control

Web Service

Exfiltration

Impact

Tasks

static1

behavioral1

asyncratdiscoveryevasionratthemidatrojan

behavioral2

asyncratdiscoveryevasionratthemidatrojan

© 2018-2025

Terms | Privacy