asyncrat

General

Target

SecuriteInfo.com.Win32.DropperX-gen.11831.8378.exe
Size

577KB
Sample

240809-twzlvawgpg
MD5

b98dc1d3907a29896233f92a1f91cc15
SHA1

daf5fa345ab29376c10ada6065f4e77526e8b531
SHA256

20e9ad367dd61cf76d9aa1bd6993cf2c6a289b433d44fb445b0fb6d8a634fd03
SHA512

a387a75cdb72537458e692e2339ed0840d7a4ffec390becd5175e142f10467c8e67c8c268b682b5c9d05facbdd1164c1d35875994b1b2398fca4578256bd6c90
SSDEEP

3072:COsA++eZfkec3uppruBjYP2+t9deQ+rjnCvulC7/X3UcrBw5KPA:vsA++eFfniB853eQ+rTCvNxrCKP

Score

10^/10

Malware Config

Extracted

Family

asyncrat

Version

1.0.7

Botnet

591_GreBe

C2

89.105.201.98:591

Mutex

NJ1234dfffddfddfdfKJHYGTGYHUJIKOuy7t6r5er6t7y98u0iH&GYFTRCVGBHU9u8y7T^R%DFTYG&UHJ(K)_

Attributes

delay
1
install
false
install_folder
%AppData%

aes.plain

Targets

- Target
  
  SecuriteInfo.com.Win32.DropperX-gen.11831.8378.exe
- Size
  
  577KB
- MD5
  
  b98dc1d3907a29896233f92a1f91cc15
- SHA1
  
  daf5fa345ab29376c10ada6065f4e77526e8b531
- SHA256
  
  20e9ad367dd61cf76d9aa1bd6993cf2c6a289b433d44fb445b0fb6d8a634fd03
- SHA512
  
  a387a75cdb72537458e692e2339ed0840d7a4ffec390becd5175e142f10467c8e67c8c268b682b5c9d05facbdd1164c1d35875994b1b2398fca4578256bd6c90
- SSDEEP
  
  3072:COsA++eZfkec3uppruBjYP2+t9deQ+rjnCvulC7/X3UcrBw5KPA:vsA++eFfniB853eQ+rTCvNxrCKP
Score

10^/10

discovery asyncrat 591_grebe rat
- AsyncRat
  AsyncRAT is designed to remotely monitor and control other computers written in C#.
  rat asyncrat
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

1

T1614

System Language Discovery

1

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

Sharing

General

Malware Config

Extracted

Targets

Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks

static1

behavioral1

behavioral2