asyncrat

Sharing

Copy URL

Twitter E-mail

General

Target

8eb6236d11b0463ae82eb268ccc1f7e9.bin
Size

460KB
Sample

240904-bzmscatenf
MD5

dead6848ad078b7fb5c1556b437bdc1f
SHA1

61657991731bb4ded376abe9ac223ee7c721be2b
SHA256

fa85009348923daee9acc7adef2f6926f6442aabffcf393abaae4ab17cc9795c
SHA512

dc8e5f8de0c606b4f844ea6cb0de8772cfe3a685c6396aafa8d148f7a3e4bce38d45106a108dd749c66565690c4c1567f496621b44dadb0bab43d0c2dbe1a719
SSDEEP

6144:spJ5n0J0bFlxjOMGCcnkuuTEZvUT2yyRudXQPDPVzae+EOW6G3BWPEEI:2J1O9knTmvUbyEQPWEjX48N

Score

10^/10

Malware Config

Extracted

Family

asyncrat

Version

0.5.8

Botnet

Default

fresh01.ddns.net:2256

Mutex

waVkxgc3A4Ar

Attributes

delay
3
install
true
install_file
logs.exe
install_folder
%AppData%

aes.plain

Targets

- Target
  
  37d1af5c7af78a7bcb958b0b71440091bec44ec86f33cd7547b18eb748d0bc01.exe
- Size
  
  579KB
- MD5
  
  8eb6236d11b0463ae82eb268ccc1f7e9
- SHA1
  
  08e1140bb7dd86231b8dbbc686e894cfe1d1c7b0
- SHA256
  
  37d1af5c7af78a7bcb958b0b71440091bec44ec86f33cd7547b18eb748d0bc01
- SHA512
  
  d07bf2ec8ca8a57475b1d03214dea1b5c2f300962618d8fde5d987d94c749a0282cb639d6162d79ba10010c05f3df22b7e5d1036cb91bfdd1475198f82fc1af5
- SSDEEP
  
  12288:sCn4AyHnseftJpS/mErsKah4dNTTdAPCDbWhwP8wEV:/nEnseftbYmtX4pTywP8R
Score

10^/10

discovery execution asyncrat default rat
- AsyncRat
  AsyncRAT is designed to remotely monitor and control other computers written in C#.
  rat asyncrat
- Command and Scripting Interpreter: PowerShell
  Run Powershell and hide display window.
  execution
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of NtCreateThreadExHideFromDebugger
- Suspicious use of NtSetInformationThreadHideFromDebugger
- Suspicious use of SetThreadContext
behavioral1 behavioral2
- Target
  
  $PLUGINSDIR/BgImage.dll
- Size
  
  7KB
- MD5
  
  49998d066af103d06b56f5b4c76b1497
- SHA1
  
  b7dce166147f40dfa17f5ca950c4e324a10d04be
- SHA256
  
  95042dbe7428461ee7fd210acf37040eb921012c7b32f66cb54766f0a16bb5b6
- SHA512
  
  61b0d75ef3a18c8c13ad8c614a012a71cbc4f6fd4bba0aa0c7b866e1a8fbf5f9fdb3e012a3566586d47fc8b456a7de36a06a0d70cdf27e504aac64eab37555d7
- SSDEEP
  
  96:8eQMA6z4f7TI20Y1wircawlkX1b3+LDfbAJ8uLzqkDnLiEQjJ3KxkP:tChfHv08wocw3+e8uLmiLpmP
Score

3^/10

discovery
behavioral3 behavioral4
- Target
  
  $PLUGINSDIR/nsDialogs.dll
- Size
  
  9KB
- MD5
  
  19d3373e403a6e724cfa1563dfd1f463
- SHA1
  
  4917547b355a91e9431879209f56925097bf4fb3
- SHA256
  
  873fa0c52eae7cfbed56ea18b21fad0ca8f018ab7f305bd1db1a3ec454e353d1
- SHA512
  
  b6f6db23376ade4bb864ea14244980612f42f322d3915540090bfe8edc80e9577b7aec3589bd587ca47a729371ed8ab8e6e23031bb3e3f524d48783637646193
- SSDEEP
  
  96:oXF7lf7AR1VhrfzBik0cxM2DjDf3GEkniJnifvcx4I8qndYv0PLE:oXFl7wrLBn0REc0Jx3dO0PLE
Score

3^/10

discovery
behavioral5 behavioral6
- Target
  
  $PLUGINSDIR/nsExec.dll
- Size
  
  6KB
- MD5
  
  6c881f00ba860b17821d8813aa34dbc6
- SHA1
  
  0e5a1e09b1ce1bc758d6977b913a8d9ccbe52a13
- SHA256
  
  bcb93204bd1854d0c34fa30883bab51f6813ab32abf7fb7d4aeed21d71f6af87
- SHA512
  
  c78d6f43aa9bb35260a7bd300392ce809282660283fa6cb3059bae50d6db229b0b853cab7c949d4bdf19309fb183257b1c9feb01a66347e1c0adeb21543315b6
- SSDEEP
  
  96:DOBtYZKtPsrqBApt1JHpb9XWk7Qe06iE6mE6YNFyVOHd0+ugwEX:DtZKtrAJJJbP7iEHEbN8Ved0PM
Score

3^/10

discovery
behavioral7 behavioral8