asyncrat | c5f1a5b7e52e45fada01acf1bad4b1e152d6b9cd9188cbae9688840a6d00f6e3 | Triage

Resubmissions

07-08-2024 01:09

240807-bjbedazdqg 10

Sharing

General

Target

FutureClient+Cracked.zip
Size

7.1MB
Sample

240807-bjbedazdqg
MD5

d16d8ad29cbc215b9efd196ec3958727
SHA1

96e1110eeed05d54e7c8e36256e21e3b15af9821
SHA256

c5f1a5b7e52e45fada01acf1bad4b1e152d6b9cd9188cbae9688840a6d00f6e3
SHA512

ff07a372371742cf9fa2423bf5bb75cb22c3a6dedcbf400acef89bf2066e7c3ee37bf5fd05bca6ae06ec0f9632561cea3f953c38bfc24f92ed102f710a5b42d0
SSDEEP

196608:gjsMuzZu8YSTljt78cNMTuzZu8YSTljt78cE:ggUdSTljFy3dSTljFU

Score

10^/10

asyncrat future g discovery execution rat

Malware Config

Extracted

Family

asyncrat

Version

true

Botnet

Future G

Mutex

RRAT_nMo7Zfs0N

Attributes

delay
3
install
false
install_file
powershell Add-MpPreference -ExclusionPath C:\
install_folder
Explorer.exe
pastebin_config
http://pastebin.com/raw/KKpnJShN

aes.plain

Targets

- Target
  
  FutureClient Installer.exe
- Size
  
  513.0MB
- MD5
  
  1bc454831d43186b177650744ee816ef
- SHA1
  
  ea81e70af830fd270617db0a260b0efca6e71394
- SHA256
  
  0d4daba50682885610e2d07d133532e78eb18ba7b7b2deb6a685230019a6d611
- SHA512
  
  d0819a56e399c50ed3f062b7be9f195c2eadd40988b7127b1a106c3ec8102e3de231edb3efdc68eeb8f59fd080667db9d317fb72762e84b19efc3c5825a16f30
- SSDEEP
  
  98304:U6vhXimZzuDhfThmDJ02+aHJfZRpiGCgcs6vhXimZzuDhfThmDJ02+aHJfZRpiGY:U6aQJ3+aHhZRXCgz6aQJ3+aHhZRXCg
Score

10^/10

asyncrat future g discovery execution rat
- AsyncRat
  AsyncRAT is designed to remotely monitor and control other computers written in C#.
  rat asyncrat
- Async RAT payload
  rat
- Command and Scripting Interpreter: PowerShell
  Run Powershell to modify Windows Defender settings to add exclusions for file extensions, paths, and processes.
  execution
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Legitimate hosting services abused for malware hosting/C2
- Suspicious use of NtSetInformationThreadHideFromDebugger
behavioral1

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Command and Scripting Interpreter

PowerShell

Scheduled Task/Job

Scheduled Task

Persistence

Scheduled Task/Job

Scheduled Task

Privilege Escalation

Scheduled Task/Job

Scheduled Task

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Web Service

Exfiltration

Impact

Tasks

static1

behavioral1

asyncratfuture gdiscoveryexecutionrat