asyncrat | b14613da1af90d6b88d2d62240b055f861b397529aeba63708586f3c25289aea | Triage

Submit
Reports

Overview

overview

Static

static

2024-10-21...ta.exe

windows7-x64

2024-10-21...ta.exe

windows10-2004-x64

Sharing

General

Target

2024-10-21_eb5c04fcf61f943270e9a73d72a4bb53_hiddentear_neshta
Size

279KB
Sample

241021-f3tghs1bke
MD5

eb5c04fcf61f943270e9a73d72a4bb53
SHA1

5a5d57cafdad9b8aee9dd6967a00a0aa228d4f08
SHA256

b14613da1af90d6b88d2d62240b055f861b397529aeba63708586f3c25289aea
SHA512

08c3d7c00516a8ff1136b5c52bda1c22fd018e4f0497a5cd69d92a66a437bcd0c6e9b1494d292a78fbaf4f26a1a69e864b5229377622fab037b30b669fc8c5e0
SSDEEP

3072:sr85CtTF9Kw/kxLk42s/8Y31/Yvi9GA54IkMwP5gMTmmsolNIrRuw+mqv9j1MWLo:k9tTF9KxLp8YFgvwmZrTmDANm9zHMU

Score

10^/10

asyncrat neshta default discovery persistence rat spyware stealer

Static task

static1

3 signatures

Behavioral task

behavioral1

Sample

2024-10-21_eb5c04fcf61f943270e9a73d72a4bb53_hiddentear_neshta.exe

Resource

win7-20240903-en

asyncrat neshta default discovery persistence rat spyware stealer

windows7-x64

18 signatures

150 seconds

Behavioral task

behavioral2

Sample

2024-10-21_eb5c04fcf61f943270e9a73d72a4bb53_hiddentear_neshta.exe

Resource

win10v2004-20241007-en

asyncrat neshta default discovery persistence rat spyware stealer

windows10-2004-x64

18 signatures

150 seconds

Malware Config

Extracted

Family

asyncrat

Version

0.5.8

Botnet

Default

C2

54.253.7.109:4447

Mutex

XqcNee3124zJ

Attributes

delay
21
install
true
install_file
service.exe
install_folder
%AppData%

aes.plain

Targets

- Target
  
  2024-10-21_eb5c04fcf61f943270e9a73d72a4bb53_hiddentear_neshta
- Size
  
  279KB
- MD5
  
  eb5c04fcf61f943270e9a73d72a4bb53
- SHA1
  
  5a5d57cafdad9b8aee9dd6967a00a0aa228d4f08
- SHA256
  
  b14613da1af90d6b88d2d62240b055f861b397529aeba63708586f3c25289aea
- SHA512
  
  08c3d7c00516a8ff1136b5c52bda1c22fd018e4f0497a5cd69d92a66a437bcd0c6e9b1494d292a78fbaf4f26a1a69e864b5229377622fab037b30b669fc8c5e0
- SSDEEP
  
  3072:sr85CtTF9Kw/kxLk42s/8Y31/Yvi9GA54IkMwP5gMTmmsolNIrRuw+mqv9j1MWLo:k9tTF9KxLp8YFgvwmZrTmDANm9zHMU
Score

10^/10

asyncrat neshta default discovery persistence rat spyware stealer
- AsyncRat
  AsyncRAT is designed to remotely monitor and control other computers written in C#.
  rat asyncrat
- Detect Neshta payload
- Neshta
  Malware from the neshta family is designed to infect itself into other files to spread itself and cause damage.
  persistence spyware neshta
- Async RAT payload
  rat
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Loads dropped DLL
- Modifies system executable filetype association
  persistence
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Scheduled Task/Job

Scheduled Task

Persistence

Event Triggered Execution

Change Default File Association

Scheduled Task/Job

Scheduled Task

Privilege Escalation

Event Triggered Execution

Change Default File Association

Scheduled Task/Job

Scheduled Task

Defense Evasion

Modify Registry

Credential Access

Credentials from Password Stores

Credentials from Web Browsers

Unsecured Credentials

Credentials In Files

Discovery

Query Registry

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Data from Local System

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

asyncratneshtadefaultdiscoverypersistenceratspywarestealer

behavioral2

asyncratneshtadefaultdiscoverypersistenceratspywarestealer

© 2018-2025

Terms | Privacy