asyncrat | 4583a1571f9b3b243e99e0f2bb56ba1492ae3371bce975af8ddede349a7be5bb | Triage

Submit
Reports

Overview

overview

Static

static

3

ve.py.decoded1.exe

windows7-x64

1

ve.py.decoded1.exe

windows10-2004-x64

Sharing

General

Target

ve.py.decoded1.exe
Size

344KB
Sample

240925-e3j3eavfml
MD5

df30248a64d62d5d7f368a280ca3b30f
SHA1

f7478cf4d97675956b98b577c473007b479df034
SHA256

4583a1571f9b3b243e99e0f2bb56ba1492ae3371bce975af8ddede349a7be5bb
SHA512

6f653b58f8852623a51f5a11f7fedaa9c22a275938ce9866b39b1d6e77add26b30bad937247b60af915365cfe3f4da3f9394623605e7217f517968d8d4b79485
SSDEEP

6144:Mw16Niu3DOHDOCJTAL8QvjCdMH9O1BNI:M06Niu38DOqTAL8QvgMo7I

Score

10^/10

asyncrat stealerium default collection discovery persistence privilege_escalation rat stealer

Static task

static1

1 signatures

Behavioral task

behavioral1

Sample

ve.py.decoded1.exe

Resource

win7-20240903-en

windows7-x64

1 signatures

150 seconds

Behavioral task

behavioral2

Sample

ve.py.decoded1.exe

Resource

win10v2004-20240802-en

asyncrat stealerium default collection discovery persistence privilege_escalation rat stealer

windows10-2004-x64

17 signatures

150 seconds

Malware Config

Extracted

Family

asyncrat

Botnet

Default

C2

91.92.247.210:3232

Attributes

delay
1
install
false
install_folder
%AppData%

aes.plain

Targets

- Target
  
  ve.py.decoded1.exe
- Size
  
  344KB
- MD5
  
  df30248a64d62d5d7f368a280ca3b30f
- SHA1
  
  f7478cf4d97675956b98b577c473007b479df034
- SHA256
  
  4583a1571f9b3b243e99e0f2bb56ba1492ae3371bce975af8ddede349a7be5bb
- SHA512
  
  6f653b58f8852623a51f5a11f7fedaa9c22a275938ce9866b39b1d6e77add26b30bad937247b60af915365cfe3f4da3f9394623605e7217f517968d8d4b79485
- SSDEEP
  
  6144:Mw16Niu3DOHDOCJTAL8QvjCdMH9O1BNI:M06Niu38DOqTAL8QvgMo7I
Score

10^/10

asyncrat stealerium default collection discovery persistence privilege_escalation rat stealer
- AsyncRat
  AsyncRAT is designed to remotely monitor and control other computers written in C#.
  rat asyncrat
- Stealerium
  An open source info stealer written in C# first seen in May 2022.
  stealer stealerium
- Suspicious use of NtCreateUserProcessOtherParentProcess
- Async RAT payload
  rat
- Accesses Microsoft Outlook profiles
  collection
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
- Looks up geolocation information via web service
  Uses a legitimate geolocation service to find the infected system's geolocation info.
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Event Triggered Execution

Netsh Helper DLL

Privilege Escalation

Event Triggered Execution

Netsh Helper DLL

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

Query Registry

System Information Discovery

System Network Configuration Discovery

Wi-Fi Discovery

Lateral Movement

Collection

Email Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2

asyncratstealeriumdefaultcollectiondiscoverypersistenceprivilege_escalationratstealer

© 2018-2024

Terms | Privacy