asyncrat

Sharing

Copy URL

Twitter E-mail

General

Target

RC7.zip
Size

1.3MB
Sample

240804-3war6avale
MD5

ba1d173c86f1757d5afd626ac8654a46
SHA1

ad5a96395c1856976ccc21a5475c8abee46a7395
SHA256

dcaf229e56e1b0f267d7e99b63920150ef1c18f8bcbf4da94c9ac592c75bdbe8
SHA512

4f5bd6c43004e5daf86e0a9353821b8e55c735a9318ba035db36221387024645a0c5418bd9ca1ab21cb2130e1893650abafa6ea081b5cb82396201d376783208
SSDEEP

24576:jC3aGYqXtuh05vkLFz/cQO9JLyxa47UI4Gp+visFLfd++NYd++2MwvesVdRLFlr:EYT0iLBYJia4734GpUzd++N7HTjlr

Score

10^/10

Malware Config

Extracted

Family

asyncrat

Version

0.5.8

Botnet

Default

45.90.13.137:7707

Mutex

HleCBmrMxwFA

Attributes

delay
3
install
true
install_file
Server-Host.exe
install_folder
%AppData%

aes.plain

Targets

- Target
  
  RC7.zip
- Size
  
  1.3MB
- MD5
  
  ba1d173c86f1757d5afd626ac8654a46
- SHA1
  
  ad5a96395c1856976ccc21a5475c8abee46a7395
- SHA256
  
  dcaf229e56e1b0f267d7e99b63920150ef1c18f8bcbf4da94c9ac592c75bdbe8
- SHA512
  
  4f5bd6c43004e5daf86e0a9353821b8e55c735a9318ba035db36221387024645a0c5418bd9ca1ab21cb2130e1893650abafa6ea081b5cb82396201d376783208
- SSDEEP
  
  24576:jC3aGYqXtuh05vkLFz/cQO9JLyxa47UI4Gp+visFLfd++NYd++2MwvesVdRLFlr:EYT0iLBYJia4734GpUzd++N7HTjlr
Score

1^/10
behavioral1 behavioral2
- Target
  
  RC7 (5) (1)/First.deps.json
- Size
  
  407B
- MD5
  
  1c6af07f5e054bc005f172fa8487c5ed
- SHA1
  
  4880dd8a6e9b72809b1bbd36bf679690ac9c7931
- SHA256
  
  13b10c533eafa0a1111ee62f978d4407bad2e5efe86c1d11cb1ef07d67796fd8
- SHA512
  
  24e4099df987b8a9170220d2d58e4bafc72927ddf07b7dd0b400f8b8f416501d112cdb8fd6d7968025d02090e5bf6f8e9ffa4e4cc785fbc5175fbd160d0c46ac
Score

3^/10

discovery
behavioral3 behavioral4
- Target
  
  RC7 (5) (1)/First.dll
- Size
  
  7KB
- MD5
  
  64fb3c0c1269bdb3119d0aeca9783c69
- SHA1
  
  39903892a687e03aebfd1de9c407e724bf5024fb
- SHA256
  
  77ea5129b0e8145f00c040a5a7db84b37d6b736f488e866545ae072ad9ca221a
- SHA512
  
  22565870393c6353591bd2eabc9748e269704277bdb1df7faaa99564ed78988a455df4a515de8231cbfa6655ea3eeabd137fa2fa0b162132d6e08fb329e5381b
- SSDEEP
  
  96:rddBmJWilc/5eFLxHolIOCcmMdPpkwWNFRR1X+W6FnCSHN/CNVWzwkSTozNt:pyJpieF9Ho0cm69TCekpq
Score

1^/10
behavioral5 behavioral6
- Target
  
  RC7 (5) (1)/First.exe
- Size
  
  139KB
- MD5
  
  d5f71f93624190439b569498acca69a9
- SHA1
  
  323c616a5ed5e680b221f1db6acfa222e8be719a
- SHA256
  
  8bcb2329f01af33a1707f6a1a749987cfaff3976a9bcdbffad37d477dd5fd8ab
- SHA512
  
  e03043bbd4389f77d337a33d92764496bd5a84654a95a3792de0a025765d43a795ef1351a64d96c6ae1f85daadc68a1c1fdc192a9adb153a15cf1cb71607b715
- SSDEEP
  
  3072:+iS4omp03WQthI/9S3BZi08iRQ1G78IVn27bSfcJK8ltX:+iS4ompB9S3BZi0a1G78IVhcgct
Score

10^/10

asyncrat default discovery evasion rat trojan
- AsyncRat
  AsyncRAT is designed to remotely monitor and control other computers written in C#.
  rat asyncrat
- Modifies Windows Defender Real-time Protection settings
  evasion trojan
- Async RAT payload
  rat
- Disables Task Manager via registry modification
  evasion
- Downloads MZ/PE file
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
behavioral7 behavioral8
- Target
  
  RC7 (5) (1)/First.pdb
- Size
  
  10KB
- MD5
  
  9b443e924bef08f021422fdc1a6edde7
- SHA1
  
  216e925a96f92827efac247904ba97343be57c1c
- SHA256
  
  5212b77b76e6b7e56551074c424a56d0c03d4e0fc8502dd836fa5c2627b1d4a6
- SHA512
  
  88162989db275d77bff04a9a0262d534272be23db430fdaa86321ff25780ed61c6aa256b69d6ceda958ca371f631fb8b9563df4ae144ad8d1c983b95e90941d6
- SSDEEP
  
  192:4MocM3yCgLm/cXpCZbd+auMDDtSbrUvT+TUgVhkXIh2/8tLcwkQH4raayHVfIUXJ:4MxErgCZbd+auMDDtSHaT+1VhkXIhvt9
Score

3^/10

discovery
behavioral10 behavioral9
- Target
  
  RC7 (5) (1)/First.runtimeconfig.json
- Size
  
  268B
- MD5
  
  9fcdf880f73e74cf6347f8194b9f3509
- SHA1
  
  ab571c7ed4920129c89c7e083f3c9f22597198bc
- SHA256
  
  162d81f468bec570ec15e527433f4de5d5729ffe338ab79b22671f38760d34bd
- SHA512
  
  23ea2a78914aeec443bded1e6dddb1fce61f0445c53e0428e97353dcc25e9ee80a98603069de336d57c1d12b00eb14ad59847137387df330a3925bd763f4fde1
Score

3^/10

discovery
behavioral11 behavioral12
- Target
  
  RC7 (5) (1)/READ ME.txt
- Size
  
  506B
- MD5
  
  8be52f0bed378536eeae278d8cede262
- SHA1
  
  f70451795b80a21271b94dbfb4476f6def3ca27d
- SHA256
  
  ee8e08bb7361c78544257c320d90767e7c32b6b30fd196283f0426a6d1c316d9
- SHA512
  
  7d8e01ca909659e39a2f3a49e550f020db2210b8dc8b5f5fabddce30c226e3740ee59a53a941a45b3f1932e6d50d7e781b4e3de94d1d8e92f0a9bcb9043c9e89
Score

1^/10
behavioral13 behavioral14
- Target
  
  RC7 (5) (1)/ScintillaNET.dll
- Size
  
  1.3MB
- MD5
  
  9166536c31f4e725e6befe85e2889a4b
- SHA1
  
  f0cd8253b7e64157d39a8dc5feb8cf7bda7e8dae
- SHA256
  
  ad0cc5a4d4a6aae06ee360339c851892b74b8a275ce89c1b48185672179f3163
- SHA512
  
  113a7b77d2d557d135470787deead744d42f8292d853e2b55074e9cb3591fd045ffd10e5c81b5c15dde55861b806363568611e591ae25dcb31cf011da7e72562
- SSDEEP
  
  24576:IJSShz305vgNF7/cOCPHPSVs4Eq+QTNX+cfQdS+2MMPishd/Ws5:ti0aNvoHqs4L95X+cfx/HGC
Score

1^/10
behavioral15 behavioral16