asyncrat | 47a46de105177d826cbda74051f7f9d7bb95ed079c2e636743f9f04ad8c6c4a7 | Triage

Submit
Reports

Overview

overview

Static

static

0x00080000...51.exe

windows7-x64

0x00080000...51.exe

windows10-2004-x64

Sharing

General

Target

0x00080000000162ed-1051.dat
Size

45KB
Sample

240806-rssm1s1fpm
MD5

3b86abe4c79286ed06965c268968c03d
SHA1

64afe64ee719aa3526023a5f7edacd44db21bde4
SHA256

47a46de105177d826cbda74051f7f9d7bb95ed079c2e636743f9f04ad8c6c4a7
SHA512

68f108646437fd72622cd1f719b2092b095e67500502981c4b605c64acaa38c12f46a82e47318b405137e5112ff82ccb51bfbb953b67fd3d1e9a5de1c2874483
SSDEEP

768:juAKNTR4ydbWUnrGJmo2q7zL5P02FUFdxYkk8PIWzjbAgX3ih8QNd4sqyVUbGKZ9:juAKNTRZ22oLDmWBW3bnXSh8QN6sqEWh

Score

10^/10

asyncrat redline sectoprat server.underground-cheat.xyz discovery execution infostealer persistence rat trojan

Static task

static1

3 signatures

Behavioral task

behavioral1

Sample

0x00080000000162ed-1051.exe

Resource

win7-20240704-en

asyncrat redline sectoprat server.underground-cheat.xyz discovery execution infostealer persistence rat trojan

windows7-x64

15 signatures

150 seconds

Behavioral task

behavioral2

Sample

0x00080000000162ed-1051.exe

Resource

win10v2004-20240802-en

asyncrat redline sectoprat server.underground-cheat.xyz discovery execution infostealer persistence rat trojan

windows10-2004-x64

15 signatures

150 seconds

Malware Config

Extracted

Family

asyncrat

Version

0.5.8

C2

blue.o7lab.me:7777

server.underground-cheat.xyz:7777

Mutex

dtDtRWyW1m1g

Attributes

delay
3
install
false
install_file
$77WinUpdate.exe
install_folder
%AppData%

aes.plain

Extracted

Family

redline

Botnet

server.underground-cheat.xyz

C2

server.underground-cheat.xyz:1337

Targets

- Target
  
  0x00080000000162ed-1051.dat
- Size
  
  45KB
- MD5
  
  3b86abe4c79286ed06965c268968c03d
- SHA1
  
  64afe64ee719aa3526023a5f7edacd44db21bde4
- SHA256
  
  47a46de105177d826cbda74051f7f9d7bb95ed079c2e636743f9f04ad8c6c4a7
- SHA512
  
  68f108646437fd72622cd1f719b2092b095e67500502981c4b605c64acaa38c12f46a82e47318b405137e5112ff82ccb51bfbb953b67fd3d1e9a5de1c2874483
- SSDEEP
  
  768:juAKNTR4ydbWUnrGJmo2q7zL5P02FUFdxYkk8PIWzjbAgX3ih8QNd4sqyVUbGKZ9:juAKNTRZ22oLDmWBW3bnXSh8QN6sqEWh
Score

10^/10

asyncrat redline sectoprat server.underground-cheat.xyz discovery execution infostealer persistence rat trojan
- AsyncRat
  AsyncRAT is designed to remotely monitor and control other computers written in C#.
  rat asyncrat
- RedLine
  RedLine Stealer is a malware family written in C#, first appearing in early 2020.
  infostealer redline
- RedLine payload
- SectopRAT
  SectopRAT is a remote access trojan first seen in November 2019.
  trojan rat sectoprat
- SectopRAT payload
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Loads dropped DLL
- Adds Run key to start application
  persistence
- Command and Scripting Interpreter: PowerShell
  Start PowerShell.
  execution
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Command and Scripting Interpreter

PowerShell

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Defense Evasion

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

asyncratredlinesectopratserver.underground-cheat.xyzdiscoveryexecutioninfostealerpersistencerattrojan

behavioral2

asyncratredlinesectopratserver.underground-cheat.xyzdiscoveryexecutioninfostealerpersistencerattrojan

© 2018-2025

Terms | Privacy