asyncrat

General

Target

SecuriteInfo.com.Win32.DropperX-gen.709.18225.exe
Size

216KB
Sample

240809-twypjswgpb
MD5

5dd4e2111931c62c4093aa49f4934b9a
SHA1

077c3e7aecd3e796246bb9d8c6d8bebed575187a
SHA256

256bf164fbfd8bf52c47f08c73492854601a8579b642d72f7b9facae1f7e1d35
SHA512

5a205d6c4c11c41562bd127c3196645ae4ecdfbe551531cc250c2abd72952403e5846561e98142d51e38777c7f597817e44aca4cb9e1ac8607db1509cafd5435
SSDEEP

3072:EOsA++eZfkeB3uppruBjYPS+ttfQfLgJVNfSSl9WBX7/X3UYdB8:5sA++eF0niB89azgzl9wLd

Score

10^/10

Malware Config

Extracted

Family

asyncrat

Version

1.0.7

Botnet

591_GreBe

C2

89.105.201.98:591

Mutex

NJ1234dfffddfddfdfKJHYGTGYHUJIKOuy7t6r5er6t7y98u0iH&GYFTRCVGBHU9u8y7T^R%DFTYG&UHJ(K)_

Attributes

delay
1
install
false
install_folder
%AppData%

aes.plain

Targets

- Target
  
  SecuriteInfo.com.Win32.DropperX-gen.709.18225.exe
- Size
  
  216KB
- MD5
  
  5dd4e2111931c62c4093aa49f4934b9a
- SHA1
  
  077c3e7aecd3e796246bb9d8c6d8bebed575187a
- SHA256
  
  256bf164fbfd8bf52c47f08c73492854601a8579b642d72f7b9facae1f7e1d35
- SHA512
  
  5a205d6c4c11c41562bd127c3196645ae4ecdfbe551531cc250c2abd72952403e5846561e98142d51e38777c7f597817e44aca4cb9e1ac8607db1509cafd5435
- SSDEEP
  
  3072:EOsA++eZfkeB3uppruBjYPS+ttfQfLgJVNfSSl9WBX7/X3UYdB8:5sA++eF0niB89azgzl9wLd
Score

10^/10

discovery asyncrat 591_grebe rat
- AsyncRat
  AsyncRAT is designed to remotely monitor and control other computers written in C#.
  rat asyncrat
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

1

T1614

System Language Discovery

1

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

Sharing

General

Malware Config

Extracted

Targets

Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks

static1

behavioral1

behavioral2