asyncrat

Sharing

Copy URL

Twitter E-mail

General

Target

8286913b27550033c014364f88fd7b80a506f3a0da12e08224369b798582cbd2
Size

6.0MB
Sample

241111-srz65szlcz
MD5

eac50b2727a6c940586be6436424cacc
SHA1

a1e272cb702e50eb48ef88c6bc4a2d398cd04875
SHA256

8286913b27550033c014364f88fd7b80a506f3a0da12e08224369b798582cbd2
SHA512

d2b61237c72f0611e1b94df2a12c3d52097700ae51b77b4e3ea92bad3e15e7dd3cedbeb55b8c5a4b2df8dac5285117eac6d79ca14979dadcec39b168a7510572
SSDEEP

98304:2HOodAXjoGoAnJwqI8pMXXhuwK9uLXNw6+dERQagvbZtBIeIh0BcfHTOdE6ppCz3:2UjoGoAJwDmMHhuP9uL11QaibVICYTOo

Score

10^/10

Malware Config

Extracted

Family

asyncrat

Version

1.0.7

Botnet

Default

grabchopps.duckdns.org:15489

Mutex

glotrsvfb_qwqdanchun

Attributes

delay
1
install
false
install_folder
%AppData%

aes.plain

Targets

- Target
  
  AACready-GF.exe
- Size
  
  7.1MB
- MD5
  
  974664dbf6d8c80702d556b585ce654c
- SHA1
  
  b994a6821182eaecdb26a22b2d511c773272a83d
- SHA256
  
  4a5fec98c60b33e691b0eef02ae37f4dc13aa7594ac8838b3e4f41132264df4e
- SHA512
  
  613a23a1e6e8c1eb033b93e910f6092ec33f654b34336942eebbbe251f8358e37d3fc074c3e885de2edc48eb96c2dd1cbbb1bf6871823fc44961e67ed052d4ed
- SSDEEP
  
  98304:49SRtK87ch0RCvu3JdGoGpJm9GRkwK8g+psqof+FE0CcJkA8gNB4z6n:jRtKoch0R2oGpjaGXRJkAE2
Score

10^/10

asyncrat default discovery persistence rat
- AsyncRat
  AsyncRAT is designed to remotely monitor and control other computers written in C#.
  rat asyncrat
- Asyncrat family
  asyncrat
- Adds Run key to start application
  persistence
- Suspicious use of SetThreadContext
behavioral1 behavioral2
- Target
  
  ProtobufLite.dll
- Size
  
  530KB
- MD5
  
  a9ad3484442b9ddae6d44d990928d7d7
- SHA1
  
  dfd46b53cce5f8b57f4755dfa2b97822c5756c71
- SHA256
  
  9b751393d74c2b21e80bfa205dc30021d93dfd483168c67f81e2619a79f6a012
- SHA512
  
  8d17e8f2f6c85ec84c8763f20c1e5ca3c00b5a1c6ea5167ae840d2056ca205f1029c5d89885e0c43bfa175d0a98b17fac2989960b65f13dd7a434a395f41c2b5
- SSDEEP
  
  6144:kyUOGY5EhEDjrK5wFEIaY3mFFxpxxp3ICm/py8L:on8nowFEwT
Score

1^/10
behavioral3 behavioral4
- Target
  
  api-ms-win-crt-conio-l1-1-0.dll
- Size
  
  29KB
- MD5
  
  bf5d1bd5b4547989aaa150458af69124
- SHA1
  
  5200e7e4565f69ce6adc7af217493e2969c47e10
- SHA256
  
  4653388826595badf7fa989477f0bb3b13b95adcf18cf020fb3c1d0fd52d1152
- SHA512
  
  0f6550f9b2bfd35d0c282e4714685678eb07eb50fe3c64f992b5050fff628713a5bda85f2615f52fd7458559f5a7aa141714050eeecb0f8f28d1d04cc3485b82
- SSDEEP
  
  384:KWZhW62xlcscvpNR9z7Yw345Q4m4IBss264RE4TdE54Rr4RbiaGW4jS4E84q4EoN:1j2B019zx3mRSp6asS3kq
Score

1^/10
behavioral5
- Target
  
  api-ms-win-crt-convert-l1-1-0.dll
- Size
  
  33KB
- MD5
  
  f4a6b29224e90e013386b23d4d4c2fb7
- SHA1
  
  4fa140eb17eaaa5773c2068f1c11afced55acde0
- SHA256
  
  c95e946473e504985216a28ec29b6db44c1fdd0a416d806b3ffa50962b231896
- SHA512
  
  7b01016cfbb28495fff4100a347adbb4db8985a49c18a5352fa8a0d0653973a203d9a26c230367c5351b8b0ee0ef5a238987a4b96665e1a09cf4a777d96039ce
- SSDEEP
  
  384:LyNWZhWt2xlcCg2ZwR9z203H4m4IBss264RE4TdE54Rr4RbiaGW4ry4E84q4Eo4s:5U2bM9zpKSpy6sSJ
Score

1^/10
behavioral6
- Target
  
  api-ms-win-crt-environment-l1-1-0.dll
- Size
  
  29KB
- MD5
  
  d7230a1913b7b57af22d3c1886a5d013
- SHA1
  
  eff1be3c8e5ea9ab6f6e41a3e782e5eb55261fae
- SHA256
  
  57b648bc55ec923893e528991b5c7256d525b02a19d86f5c77a167c29d6217d5
- SHA512
  
  b0785eae2b44e3dca1a2513bc0a2ff57bcd838fb9384f47362c6c4121391dc9f2acf8f0d49f4b114125f38cffbddb8c30782b5b5ff430e611a99cdace4aa71a2
- SSDEEP
  
  384:HWZhWp2xlcU/vpNR9z7Yw3MW14m4IBss264RE4TdE54Rr4RbiaGW4BP4E84q4Eo3:WA27319zx3OSpQLsSI4
Score

1^/10
behavioral7
- Target
  
  api-ms-win-crt-filesystem-l1-1-0.dll
- Size
  
  29KB
- MD5
  
  befa6fc0d0359993410d60953d891cb6
- SHA1
  
  6e4f79aebbf3928a4f25eec1de0e078217d3a50c
- SHA256
  
  5adf2f6daa2e17effba1f96c0f38bd625d63b52a328add23cbe3ed7317259f73
- SHA512
  
  0ac868fa3135b86c0c34888f12c93fad58b560925d65b194d124114f39f64c2b6ceda0dc91c4a3044d112cfacc73a4be44151bcbebe7beac7c7abb6ed2f2b0ef
- SSDEEP
  
  384:wptnWm5C1WZhWeA2xlcPl1Z0R9zbAS4m4IBss264RE4TdE54Rr4RbiaGW4eqfqUh:wptnWm5Cw5A2sZ49zEDSpwfqusSF
Score

1^/10
behavioral8
- Target
  
  api-ms-win-crt-heap-l1-1-0.dll
- Size
  
  29KB
- MD5
  
  1d452e632a9eb406ca71921d80157a04
- SHA1
  
  7ddfb9ef577919ddf09cd7226cba7cb2012ef834
- SHA256
  
  da720db037a185c6085fc3e48d0026b9de2227d6d27182bfd21702ec8d5a9272
- SHA512
  
  8aa458be0375f46a76b8c99f40177d7565f10b82a29aebab798a2989c33c439a7c4faaa77cd595640f0935e00cc870248066cd7e524d88f501bcc4752ab4fff0
- SSDEEP
  
  384:RLNWZhWXu2xlcdFwR9z20tylc4m4IBss264RE4TdE54Rr4RbiaGW4gc4E84q4EoB:xov2MM9zptYSppUsSf
Score

1^/10
behavioral9
- Target
  
  api-ms-win-crt-locale-l1-1-0.dll
- Size
  
  29KB
- MD5
  
  cfe356452ae13fe062d83132e485bc9c
- SHA1
  
  4d0841bfdad4bcb80d56fd9f122ba5fafe411d91
- SHA256
  
  7ef025acc6f5ec8c6af5b0b6982cf55ca3d77d6d750222ce2fd5133bf5c7e77f
- SHA512
  
  b7c0b673799c1c3bc7388cb302ea15d0cecc15073b9be5d3e727b69f6b53eb342a90d482a1a4d6379562d0915e2d930de6bc3dbe5f9a1a7c31a5c65a004471f8
- SSDEEP
  
  384:GWZhWk2xlcR6lQwR9z20+OCo4m4IBss264RE4TdE54Rr4RbiaGW4kZc4E84q4Eop:Bl2YM9zp+XpSpzmsSu8X
Score

1^/10
behavioral10
- Target
  
  api-ms-win-crt-math-l1-1-0.dll
- Size
  
  37KB
- MD5
  
  636cf78b5f94c5f161c3147579e7e15a
- SHA1
  
  cfb759d862f0d3f73a8d629856acdad68771a30e
- SHA256
  
  8f2afe76d4e96ffccc6de99988af830f99c8dd20307dd893a9f99a83b0cb18a3
- SHA512
  
  2daf15c16ac6d52c4083c87ac60e0c8963649fddf6770d130d7ae0a49c542bcfdb1c4170fff0ff4daca353ff4cd1a579ee8cdc699d992f3b5719760ad073378d
- SSDEEP
  
  384:L7yaFM4Oe59Ckb1hgmLBWZhWW2xlc0/2NcM6a1R9z/fh4m4IBss264RE4TdE54RB:fFMq59Bb1jsv2z+n6K9zkSp5sSA
Score

1^/10
behavioral11
- Target
  
  api-ms-win-crt-multibyte-l1-1-0.dll
- Size
  
  37KB
- MD5
  
  61d1cdf7fdd9fa3975135a5b765fe270
- SHA1
  
  d934ed319bfda3dc8b428cb6ca8fb98bb59fd84c
- SHA256
  
  49eba98053447b3a93282eca24be02cb599296b447e10386fe69fa4ae00da457
- SHA512
  
  8d5a7ba5cb1a21c95951396313fc06da77356eb5e3312da5c8b780810b6be50661420a1f6706516581a8805cf1586171bff92c864ac11402f605cce75d7a7295
- SSDEEP
  
  384:9hhvLPmIHJI6/CpG3t2G3t4odXLBWZhWX2xlcb5P1Z0R9zb7154m4IBss264RE4h:HhPmIHJI6qi2wZ49ztsSpoqSsS5
Score

1^/10
behavioral12
- Target
  
  api-ms-win-crt-private-l1-1-0.dll
- Size
  
  81KB
- MD5
  
  9f13f0f6430261bf0b4de3713e8d3e7c
- SHA1
  
  fd6202e3efe95a74b9aa9cc10c0bb5d23cf99e25
- SHA256
  
  9081c164b3d4bc1d00f83d4ea687ed307c36ada91c8a862dfb571c519d5cd511
- SHA512
  
  600b64f28a1c1e01fe2b174af54343f70249efce1a86f1d6625ec902ff45fb0ab59ddbe6f5c0ff66c7ba22b5507b99cd6c246907df16bb3d7b156b0105263428
- SSDEEP
  
  1536:TfQTZqDe5c4bFe2JyhcvxXWpD7d3334BkZnjPKd22WzHaQd:wZqDe5c4bFe2JyhcvxXWpD7d3334BkZn
Score

1^/10
behavioral13
- Target
  
  api-ms-win-crt-process-l1-1-0.dll
- Size
  
  29KB
- MD5
  
  6468c60a3a97ae9a0ca3d81ce2495fbb
- SHA1
  
  2cb9a4382f48ff95576cd38e054c0a300784b6b3
- SHA256
  
  1ebf142cb9f39603f1fc8b359eeb65703b97a5bedbe4ca87480b31abd9d5a56b
- SHA512
  
  687db642c185fb68abb06302a6e799a61edb2e09a0f6973d8a39d1ce0a5afa807b38094167e46462b116e965eef06f72ce238f32964be9841dd8beb01efe9cec
- SSDEEP
  
  384:D4rsWZhWZ2xlcIvpNR9z7Yw3rJQ4m4IBss264RE4TdE54Rr4RbiaGW4o4E84q4EL:0nc2D19zx3PSpXsSS
Score

1^/10
behavioral14
- Target
  
  api-ms-win-crt-runtime-l1-1-0.dll
- Size
  
  33KB
- MD5
  
  3e851332e4c9b6953d16a9a9c52be7bb
- SHA1
  
  923571cc27ccc4eab870e43776dea12e369010cb
- SHA256
  
  2dbea753a0f6df408cae64f10175e0180b0ffbb0d8136effce7aa6f28667860e
- SHA512
  
  f541c2554547e70a20ab37d26d814b4b02f1b4f93c5ee9e57a0d0d769c493958acd9445f43548d3ecd2dfc6811c32275278e0879dcc6c21f73e37528f7865dfa
- SSDEEP
  
  384:uysyr7HWZhWN2xlcAkPXj05seyR9zuXf24m4IBss264RE4TdE54Rr4RbiaGW4G4f:V3r7W824Xj05sN9zAPSphsSI
Score

1^/10
behavioral15
- Target
  
  api-ms-win-crt-stdio-l1-1-0.dll
- Size
  
  33KB
- MD5
  
  1c757866a8156e431c8f336c043e4f60
- SHA1
  
  a462fa64cc832b0cf5d43d9e026539fd055655c2
- SHA256
  
  cd16230a3f933c79cb4171ba976dae21a09f982cba660746830158601f3209cd
- SHA512
  
  fbda894cdcc48eb5452f7a0f4d5da0b73564158a19205999c6eb5380a6c86d664bf12fd33d19359f37e508e0c002cb93818a129861c55a15e59ca92e5df44468
- SSDEEP
  
  384:QV2oFVhTWZhWV2xlc/X1owR9z20X4m4IBss264RE4TdE54Rr4RbiaGa494E84q4b:QZwk2JM9zpqSpssSBF
Score

1^/10
behavioral16
- Target
  
  api-ms-win-crt-string-l1-1-0.dll
- Size
  
  33KB
- MD5
  
  6193ed8334d136d50bc0e451fdd6f06d
- SHA1
  
  29d785451288f0884961a6c7a87a9e51e1441a90
- SHA256
  
  25eeb12cba8b302c92c6af880ad0de5e80cc5f41613e6cbb9d9a9b7736f7ee98
- SHA512
  
  72d112474472a8496b934a7c13f023be4dd65d7739a77791034c23eefc24b529c330f53373c68999bf39564bce746f2ea5db100cda72cb80ef5c4abcf8f22f1d
- SSDEEP
  
  768:mCV5yguNvZ5VQgx3SbwA71IkFBvC109z53DSpYNsSC:h5yguNvZ5VQgx3SbwA71Iqq6z53wF3
Score

1^/10
behavioral17
- Target
  
  api-ms-win-crt-time-l1-1-0.dll
- Size
  
  29KB
- MD5
  
  6a47d26f8540172807ebb75309fedd9e
- SHA1
  
  35c7bcae9c639dccc236aa6246397493bbf72ca6
- SHA256
  
  4f4597eb4d1b03261cecea807e48b518cff573547be0a5031b08140da8d570f8
- SHA512
  
  1627fc13e8e010d2220ea968fa188ac813878e426fd34c8f5b546bba9d265a0846bb85323aeab7ec2f5e18e23e9ddbf8fe69a8dbe1acbcace9304510f7ae850b
- SSDEEP
  
  384:HWZhW02xlcS71Z0R9zbK2J4m4IBss264RE4TdE54Rr4RbiaGW4RQyb4E84q4Eo4U:WJ2DZ49zuSp+HvsSh
Score

1^/10
behavioral18
- Target
  
  api-ms-win-crt-utility-l1-1-0.dll
- Size
  
  29KB
- MD5
  
  2fa7078b24dbc8409fdebccf7b1873c5
- SHA1
  
  77c8853d5d4e93f2b77b2e0ae8ee1ecb0c963a49
- SHA256
  
  9f6f69ca2f9dbb5868735f91fa90146d5ed5ffcddf8cbc859f85c9d4c3539c33
- SHA512
  
  3fc2d17d7946f2c425aaf1837cc8f21272f18f8c197047315ae7d3e64c072466acfa4a252202d6955d0a33080071c326362fa5b53ecdd492c8693d4e13dc7365
- SSDEEP
  
  384:Y/f5WZhWJl7Cj05seyR9zuXfIuff4m4IBss264RE4TdE54Rr4RbiaGa4e4E84q4b:Y/fE0dCj05sN9zAIufySpXsS7
Score

1^/10
behavioral19
- Target
  
  concrt140.dll
- Size
  
  318KB
- MD5
  
  5d65058dfae38cc6c0a0a5d7098eeeaa
- SHA1
  
  09da63cc227ebd79e5075e2df94f01233375ca6c
- SHA256
  
  583416892a47f0d2daecfea36b524da8a4153472b7988993ff2e48e882fd2460
- SHA512
  
  92f717b89be925e6a35e4b393826945267fa855b18ebb10a391af62ec7c375fe5db2d431d29e179b56bca2094a763d358b94538578a8b261f47fe3a635e17979
- SSDEEP
  
  6144:jeV3LtEWoA9HWv5SAGltP/RO7mDNcCm4z5xnWzgcIY6VrwipS:yV7twAhA0tPn2zyVhS
Score

1^/10
behavioral20 behavioral21
- Target
  
  concrt140e.dll
- Size
  
  47KB
- MD5
  
  8783398e072664a3f093baae88ea0c09
- SHA1
  
  f7d394151405fd5ff39346bd6bd2a890c1608418
- SHA256
  
  34ab61cb1a03c3f571d73478a0a6540ee36ced84ee0cbb73a58554534dcd338e
- SHA512
  
  5d82afefedb0e34e0521412bf59dfacd74cc6e4512199c36bec1b988efd1341abd784d91661a65891950ab87fe49830b17a510216adf3f2b64346662763d7d8a
- SSDEEP
  
  768:fMWE8Dn/hJWvEL4eqPWYGw5ZW4sziQ0Pl0aHdHQvyluaaDp9cuYj0lQkkhcX3aRD:EWEyWs8eqHGk+26aHgvDpe0lQkk+KRwY
Score

1^/10
behavioral22 behavioral23
- Target
  
  msvcp140.dll
- Size
  
  566KB
- MD5
  
  c7bd5aa5f047098ef99360853831a83a
- SHA1
  
  64f3da3e5610b5133fac3293259668178819b9ae
- SHA256
  
  5f4684aff855b8886b9e4745f7d333aeb8d4a208ac1464bb73a7034d1abb40d4
- SHA512
  
  345ba6f9d0d8de2eb93afa34504a5be6c1e4f03828d7d9d08f38011d70fadee78bc1adf4fa16e0b49696a1748935ccc559d4f449dc9f136de9218436142b35f1
- SSDEEP
  
  12288:2CParwZBMpKD/Xpc7l0HV0oJKD3mmuCo7WJ5QWdH2aSaMPWtQEKZm+jWodEEV2uu:2kEH2lWtQEKZm+jWodEEkl
Score

1^/10
behavioral24 behavioral25
- Target
  
  msvcp140_1.dll
- Size
  
  32KB
- MD5
  
  b7c476a61eb25c5d35f3096740e597e0
- SHA1
  
  895be70b1764019a7e0ec88f6b0a836013807471
- SHA256
  
  8bf8d49489b9fbff3cde82d31a747784223aebecf30fd776b414ca6a5e46c0ce
- SHA512
  
  3631326864318edb576a9c770a97997ff715ee707d67eaf080a733e6b5be9c39bfe0c8dbcd23f6b9e7de1706be21b6af61074338a96063f2cbaa1f6ef3a10f64
- SSDEEP
  
  768:LCe8d8YbODi0K5mxn6K9zugz6wSOSpGsSC6:mezK5mxnXzukwhlU
Score

1^/10
behavioral26 behavioral27
- Target
  
  msvcp140_2.dll
- Size
  
  192KB
- MD5
  
  7751b350bfb551112430606a6b0df4aa
- SHA1
  
  0877d0fe0c41e786fe3b90d1ad69f4de43052941
- SHA256
  
  635f8eaf5febc058ce371e52eb619b0de599c51da3b929f3e8c3f3b0d9a465cf
- SHA512
  
  f0df37bf6acfdc95aedf31b7afb9a1f6aea30aa96a1bb010d65378fdfc2c6d3d22fd987df94f4089cfcc0a6d9548875182d8c6eb642c24a3f15fafb5f27e2878
- SSDEEP
  
  3072:lFpSw7QaKTCcqBlixmbKKnZ+mFnCPJ7+uNPExAsqvK+H9qaSBBf0cRMBNer5:lHwoBlijgZ+N7d0+uVpRMs5
Score

1^/10
behavioral28 behavioral29
- Target
  
  msvcp140_atomic_wait.dll
- Size
  
  46KB
- MD5
  
  f44a8976a23593e279c6d2148432e370
- SHA1
  
  02adec88ea6354b0764e4671c189b3ceba3a305e
- SHA256
  
  ff18cf4e4901136ff647f056bff8c8f1706d783ba9fa35b16f35fafa9a5d2c18
- SHA512
  
  4117b3360cf82f9407c97cffdcda1057d2ce6130bb15ab60fc89a2549e10a1986708c481bbb6df96f7d8e76a2a08a8153175d55a7b107f73b0c66c0c81cce300
- SSDEEP
  
  768:ZHI2YWR6M3724d2XOtKCulibed9zuaSpbsScO:xrJd2XOJul9/zuF4k
Score

1^/10
behavioral30 behavioral31
- Target
  
  msvcp140_codecvt_ids.dll
- Size
  
  29KB
- MD5
  
  67c6156c10262186565f1e30c5c14bd2
- SHA1
  
  c5ac39c473edde393e27f945878872fb7723f2a5
- SHA256
  
  42ac3c3a4ebcb1bff0bbb6fe5012662206eaf1794ef5e2abc3cdd78e494daf24
- SHA512
  
  2b484f2af802e5a8c76d41f4b3c4b14a2e019e1abc0c26d561e0784f49f6b1196a029be5f6fb5f8b0f607376056d1d0851dbe45d6e1a9ca59616dd433926c412
- SSDEEP
  
  384:VnBXapUxvdWiuEWi7HRN7ooiR9zvLXg4m4IBss264RE4TdE54Rr4RbiaGW4w14Ed:VEpHAoh9zThSpNxsS3T
Score

1^/10
behavioral32

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Privilege Escalation

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

Sharing

General

Malware Config

Extracted

Targets

Asyncrat family

Adds Run key to start application

Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks

static1

behavioral1

behavioral2

behavioral3

behavioral4

behavioral5

behavioral6

behavioral7

behavioral8

behavioral9

behavioral10

behavioral11

behavioral12

behavioral13

behavioral14

behavioral15

behavioral16

behavioral17

behavioral18

behavioral19

behavioral20

behavioral21

behavioral22

behavioral23

behavioral24

behavioral25

behavioral26

behavioral27

behavioral28

behavioral29

behavioral30

behavioral31

behavioral32