asyncrat

Sharing

Copy URL

Twitter E-mail

General

Target

MoonStealer-main.zip
Size

561KB
Sample

241201-v187hs1qdm
MD5

552ae3e1d5b29589e4f721676f356e95
SHA1

116a2585ec1b114a2c23cf4c99e58fd3adfe5819
SHA256

cc16889abbfe38386a105e602d856c512a2dfd51795ad55092ab27983e70b3b5
SHA512

e382ac33e8b417fc32d7baf835699633d418ebb133384fbb07aa05aeffc6024a2a91e68c294a93c00211367ea1179cf4ac24f66659c7723debc4c9266b5f345c
SSDEEP

12288:5mVEp8K9G80iPAi52M7zIDBrqAItEGN61HJpA118J7rYSc0:5mKpfvTbkrqAItD6b6D8J7kSv

Score

10^/10

Malware Config

Extracted

Family

asyncrat

Version

0.5.8

Botnet

Default

23.94.99.6:6606

23.94.99.6:7707

23.94.99.6:8808

23.94.99.6:4782

Mutex

qdWLYmlsI9yW

Attributes

delay
3
install
true
install_file
required.exe
install_folder
%AppData%

aes.plain

Targets

- Target
  
  MoonStealer-main/MoonStealer_assets/upx/updater.exe
- Size
  
  48KB
- MD5
  
  403e30df6166df14523e6f820703241a
- SHA1
  
  9f00e1baf4313fd33a513251b494d2340e88a91b
- SHA256
  
  e57f42b4a9e3305785a2a6e1ffb14fa82d90d5094e8e5ecb3cd8fcb903637d92
- SHA512
  
  885dfaf6fd4c14dcfa223a7a8cb3258b4c81da589eacb5d2da5d4ffbeb594ec2c9483ab1d75fc7a9b6cd1567cf82f94ded18ace4e14540f2f48033eed2f16a44
- SSDEEP
  
  768:qu4f9TskvpDWUPlNxmo2qbebAN6JunAjZPIBj8wucDO30b9IxgaOMtV+rhG/BDZ3:qu4f9Tswb2FbNuA6BGgb9I6aH3+4Jdm2
Score

10^/10

asyncrat default discovery rat
- AsyncRat
  AsyncRAT is designed to remotely monitor and control other computers written in C#.
  rat asyncrat
- Asyncrat family
  asyncrat
- Async RAT payload
  rat
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Loads dropped DLL
behavioral1 behavioral2
- Target
  
  MoonStealer-main/MoonStealer_assets/upx/upx.exe
- Size
  
  525KB
- MD5
  
  8a98406e32ed6139bd9e75342d452948
- SHA1
  
  ed77737b88a7351d0bc5f542ddb7ce84f8f95588
- SHA256
  
  a4240ea0e8a916d15f8391edef9705ab4de1f516dd360f0a336c5358686d434b
- SHA512
  
  f5b17975560d97308a6ee66845225715e82bade9df7bc36821c76fe67fcf8d22929bf21b85e28dd11b7399d0109ab1f3786fd2010c2e5023d3a93d2bd5cf678b
- SSDEEP
  
  12288:fOHsWPQsJdQmiR0eYG16fyP8RHzS75CaNgMYqIW7I2:2QmiWK16rRHzS7U6ip2
Score

5^/10

upx
- UPX packed file
  Detects executables packed with UPX/modified UPX open source packer.
  upx
behavioral3 behavioral4
- Target
  
  MoonStealer-main/builder.py
- Size
  
  6KB
- MD5
  
  48d51f59c5177750328641c797c0f478
- SHA1
  
  618ccea3f2ae5e435430e779579f9cd2c84c1dd2
- SHA256
  
  8d84f48da564d51a2ca621554179e82f9bf12ca5db097977a2146b373c6fad32
- SHA512
  
  918ff4b93338e9c75542b04c3bd1ba12b5562660d64eca679e9bc782bf8a81ea31efdfa779e270a96f2da641e694a86a0e0d433d9bfb95c70bd72d3051396ead
- SSDEEP
  
  96:SFvQsZlbpdIV9ll+zVHJllFSYUCSPlbpdIV1ll+zVHRllFiYbRZfY7DGZ2we8Gzo:IZlbpd8QztMPlbpd8IztbZf0GZzjv4A7
Score

3^/10

discovery
behavioral5 behavioral6
- Target
  
  MoonStealer-main/install.bat
- Size
  
  95B
- MD5
  
  7c928c6358b7d280aff4be1ff2ac7c29
- SHA1
  
  6e9014938d6d05791cfba2473397ad7e39ae5881
- SHA256
  
  9fa41aabbfef72bc8a6d3342b2f399a82c2f6ec7bc14e46bc1d3dcacd4f5d3c3
- SHA512
  
  a6558bb4e546cd87b7787117741d01e8ed936b3ecaef32855533b1e4cd54d068e9f75ec560304a445c56605aebec8f2070f51c2e3b20661a3688c8a811677dd9
Score

10^/10

asyncrat default discovery rat
- AsyncRat
  AsyncRAT is designed to remotely monitor and control other computers written in C#.
  rat asyncrat
- Asyncrat family
  asyncrat
- Async RAT payload
  rat
- Executes dropped EXE
- Loads dropped DLL
behavioral7 behavioral8
- Target
  
  MoonStealer-main/main.py
- Size
  
  48KB
- MD5
  
  ce6bbfc8f624a0590495fce46648d3f7
- SHA1
  
  182880bb1eccc344455228afe6eabc28b0d25875
- SHA256
  
  f4c4c2476408c644b2aebf613d42ef361e2a5630c7a62c505bf4c319aace6293
- SHA512
  
  2cb207f86bd64ae448e26d456a9970bec46d7e196209983a9e1c822136248b6c4795bad4b58809d4cf1a74bdd46d5e7ff56b0c2933e5a94dffd7e414284ea58f
- SSDEEP
  
  768:gDaj4Pvv8PZmsyhTuVJ7AWyykW2WMWLWLWLWQW7WP2uL12oqcW7WFufQtRPPWMCd:yaj4Pvv8PjyhCV1T2aRtufK8MK
Score

3^/10

discovery
behavioral10 behavioral9
- Target
  
  MoonStealer-main/start.bat
- Size
  
  35B
- MD5
  
  e20d4392cbac1ef4c73f93c6e4a828b1
- SHA1
  
  5e28e0f4967f35c7bf1942813265499f2c329e09
- SHA256
  
  03aac700e872f2a2a05f79990504f7eb39950ccfd539e818e8586ebb7ef55158
- SHA512
  
  7af88983c9aabee84f7154724cf95b47a9c39eb8cde91795b56e5bb5d90be6c256358f871bf98b3976b205107c420b09d44758f2640d96e125aaef8ee85d671d
Score

1^/10
behavioral11 behavioral12

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Scheduled Task/Job

T1053

Scheduled Task

T1053.005

Persistence

Scheduled Task/Job

T1053

Scheduled Task

T1053.005

Privilege Escalation

Scheduled Task/Job

T1053

Scheduled Task

T1053.005

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

Sharing

General

Malware Config

Extracted

Targets

Asyncrat family

Async RAT payload

Checks computer location settings

Executes dropped EXE

Loads dropped DLL

UPX packed file

AsyncRat

Asyncrat family

Async RAT payload

Executes dropped EXE

Loads dropped DLL

MITRE ATT&CK Enterprise v15

Tasks

static1

behavioral1

behavioral2

behavioral3

behavioral4

behavioral5

behavioral6

behavioral7

behavioral8

behavioral9

behavioral10

behavioral11

behavioral12