asyncrat

General

Target

Loader.exe
Size

63KB
Sample

241121-266rxawqfn
MD5

7ceb11ebb7a55e33a82bc3b66f554e79
SHA1

8dfd574ad06ded662d92d81b72f14c1914ac45b5
SHA256

aea3e89e45a33441bcd06c990282f8601eb960a641c611222dce2fe09685e603
SHA512

d8cd7af50996015163c8926fc7b6df6a6e2c0b3f6c8fcff37cad5b72fed115f7134723d99f61a20576b83e67107a3a410f5ef2312191446b3d0759cb739e6ccd
SSDEEP

768:rig6BqomfHz4c78F3C8A+XuLvRIOdJD7P7DEhfW1+T4iSBGHmDbDOphLoXaHnCtB:i+4/WD7jhBYUbghiynCCundpqKmY7

Score

10^/10

Malware Config

Extracted

Family

asyncrat

Botnet

Default

C2

technical-southwest.gl.at.ply.gg:58694

Attributes

delay
1
install
true
install_file
WINDOWS.exe
install_folder
%AppData%

aes.plain

Targets

- Target
  
  Loader.exe
- Size
  
  63KB
- MD5
  
  7ceb11ebb7a55e33a82bc3b66f554e79
- SHA1
  
  8dfd574ad06ded662d92d81b72f14c1914ac45b5
- SHA256
  
  aea3e89e45a33441bcd06c990282f8601eb960a641c611222dce2fe09685e603
- SHA512
  
  d8cd7af50996015163c8926fc7b6df6a6e2c0b3f6c8fcff37cad5b72fed115f7134723d99f61a20576b83e67107a3a410f5ef2312191446b3d0759cb739e6ccd
- SSDEEP
  
  768:rig6BqomfHz4c78F3C8A+XuLvRIOdJD7P7DEhfW1+T4iSBGHmDbDOphLoXaHnCtB:i+4/WD7jhBYUbghiynCCundpqKmY7
Score

10^/10

asyncrat stealerium default bootkit collection credential_access discovery persistence privilege_escalation ransomware rat spyware stealer
- AsyncRat
  AsyncRAT is designed to remotely monitor and control other computers written in C#.
  rat asyncrat
- Asyncrat family
  asyncrat
- Stealerium
  An open source info stealer written in C# first seen in May 2022.
  stealer stealerium
- Stealerium family
  stealerium
- Async RAT payload
  rat
- Renames multiple (3162) files with added filename extension
  This suggests ransomware activity of encrypting all the files on the system.
  ransomware
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Credentials from Password Stores: Windows Credential Manager
  Suspicious access to Credentials History.
  credential_access stealer
- Executes dropped EXE
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Accesses Microsoft Outlook profiles
  collection
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
- Looks up geolocation information via web service
  Uses a legitimate geolocation service to find the infected system's geolocation info.
- Writes to the Master Boot Record (MBR)
  Bootkits write to the MBR to gain persistence at a level below the operating system.
  bootkit persistence
- Sets desktop wallpaper using registry
  ransomware
behavioral1