asyncrat

Sharing

Copy URL

Twitter E-mail

General

Target

lossless scaling.zip
Size

3.5MB
Sample

241229-eyk4xasmgk
MD5

0bc92c7d774dac92fd2ad391b2675373
SHA1

af8210691cbebd5cd80273ff7adc601e416a60e5
SHA256

900970e10a75cc8933b8dad03083900f89522d0126c8f754a1e092b832ea1625
SHA512

b68cb330834d8b5e9770a0a202c15934b1cef3a2b79ca931d4e0b84f1c9667b73182d1054106a74a07c3a32ab1c0c5820dcba015c53fbeae65f152ee27bc63dc
SSDEEP

98304:63zAP4KJhz5w1g4nC7rmY/+vTn+qVdYAlmC:azAPt3z5mCevLn+qViQmC

Score

10^/10

Malware Config

Extracted

Family

asyncrat

Version

A 14

Botnet

Default

Egypt2.camdvr.org:301

Mutex

MaterxMutex_Egypt2

Attributes

delay
3
install
false
install_folder
%AppData%

aes.plain

Targets

- Target
  
  lossless scaling/Lossless Scaling.exe
- Size
  
  155KB
- MD5
  
  7e7e62b1ab8bf27a17536621fd6a0b50
- SHA1
  
  f1efb5a0b2256fa12b46e0983c1949ce3ace2307
- SHA256
  
  94d4791c5a5bcb9eed6d5f8c6bcb0df2cf50c0499254f0f49e545a8e84b0013e
- SHA512
  
  03c48c4e190a95899bdeaabfe079567633ed53a10779e9672ec4f5e4281310392df2e2e3f21a9f03903d4381f7d20a04b1cbc814f50a09c965a495c881d58e35
- SSDEEP
  
  3072:16p7RATueBb6sKGyLY1hhhhhhhhhhhhhhhhhhhhhhhOCD:16pWTuet1V1hhhhhhhhhhhhhhhhhhhhJ
Score

10^/10

discovery evasion execution trojan asyncrat default rat
- AsyncRat
  AsyncRAT is designed to remotely monitor and control other computers written in C#.
  rat asyncrat
- Asyncrat family
  asyncrat
- UAC bypass
  evasion trojan
- Command and Scripting Interpreter: PowerShell
  Run Powershell and hide display window.
  execution
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Suspicious use of SetThreadContext
behavioral1 behavioral2
- Target
  
  lossless scaling/language/en-US/pagefile.sys
- Size
  
  1.7MB
- MD5
  
  df3362c56b3925e0eb83e0a10fb448c7
- SHA1
  
  7b82a4de6af8f15994cfa1f179ebf5e0f302e503
- SHA256
  
  1de06a9918cdd9e8dd95953f1a6b937d490a6eb228b2a67e5a89b09feab810c3
- SHA512
  
  431dbbf045c8a62cacd7e8236ad343287c574b97684d941fe6f94e702fbb2a19675e1849220fa443616bfe2adec0e2218c42d75889333ca489f064e931891785
- SSDEEP
  
  49152:bnMeSbStSScWmlrzjQ6bJiZ/9YLgNEz1:b5q2/cxlbKJy1
Score

1^/10
behavioral3 behavioral4
- Target
  
  lossless scaling/language/uk-UA/Lossless.dll
- Size
  
  4.3MB
- MD5
  
  7969a2cbc4c31ccfb1ab8213f19501b9
- SHA1
  
  06a24af6e922ba2cd7fccb76ce2f43271a9af8b6
- SHA256
  
  486a48562504a274e984599a5931de200ea73bf6bc4c83bf6ca8daa651e80a68
- SHA512
  
  935988a39c1af479e971850f6758ee94098b35f173da609206312deeabeb3bc9466f93d1dad4e6d7938235f65fc52fdbd56058d46c1ba775d31718358eb6d8fa
- SSDEEP
  
  24576:lZtIcM0Gpls8jl9vLFR/cGRgPEuZIiZ8ay7R5vZf7gjxPWwf:re0Gbs8jsGBM4l7R5vZjUWw
Score

1^/10
behavioral5 behavioral6
- Target
  
  lossless scaling/language/uk-UA/LosslessScaling.exe
- Size
  
  953KB
- MD5
  
  2c98d33096e97094cbbbd19f27f40883
- SHA1
  
  7e28af9d119d2658f962e3b28140c6081be1612b
- SHA256
  
  010ac1120a88a772e87d9e9018aa5db034a9bac9399803d4a7c4db3c47a71df6
- SHA512
  
  f9070ad6b2e3295fdde13aa8d7486147a7f9a675a924ad3bf117479baf5b573cf92650199e58378dd8345a28ab890bbd5021d374030c24836bfa65bb037dddc7
- SSDEEP
  
  12288:ApDJEDS4MCLSyf6mOuGyW38yHJc+CKtOaO5Z7WhawnzE4ZbuRCwmhI2J+0sDgwl1:btMCLPf1Oi32OvzGo4ZiRlT/sN0
Score

3^/10

discovery
behavioral7 behavioral8
- Target
  
  lossless scaling/language/uk-UA/ar/LosslessScaling.resources.dll
- Size
  
  24KB
- MD5
  
  ed6f1b887abd06c83ecb9c6ad4b6ddae
- SHA1
  
  595f4748ee9f088d6c87281ba822c2e023cea9f2
- SHA256
  
  e078d3fe1e5c3ef3ae5a22da414b33d29c3ae335397fd699a35f0b767e20ab29
- SHA512
  
  c16bb876c0c6bf5f016a476649c4f99aa7a8679fbc7d356f33d13b65667878369a8aeadd010f828650385ce7783226505219a3b6adba22e33cbf30bcb706fcd0
- SSDEEP
  
  384:As9chlOF09DRNWxSZD0JxNcwmxxyYThlSzIxvuDv0GWOfRt+Watm:YOm9DeaAJz7mx0YThleIvEhfRtdaA
Score

1^/10
behavioral10 behavioral9
- Target
  
  lossless scaling/language/uk-UA/bg/LosslessScaling.resources.dll
- Size
  
  25KB
- MD5
  
  82deb57274920ad713665b7ecdd1f1b4
- SHA1
  
  b3518aefb76fcf435cc2685dcbeb8aba46b29a04
- SHA256
  
  2b62df6f0d46492562a7f2cb04e45c429e09fcbe76fb2faf7e275cbe29101ca3
- SHA512
  
  1539f43d7d5333bd52c52b5b617aed69fcd1fa6a9b6e6ba07f0c09507c388eb6d9781d8de413fa3910f3177233346d4bdc8e4d53ba7e04e1862607c41924fc95
- SSDEEP
  
  384:dQ4yQrLDnD4mIfp7plw4ha09cQQdd6wjrQMYMUm:2QHDnD4mip7vwH0R46rMYMP
Score

1^/10
behavioral11 behavioral12
- Target
  
  lossless scaling/language/uk-UA/cs/LosslessScaling.resources.dll
- Size
  
  20KB
- MD5
  
  0009b54449d6ee8d723be5266cb96c32
- SHA1
  
  53162779acc73b9a0cfb53a7b5b5917664958073
- SHA256
  
  6f4cd5d91edee8dbc547a6f914f1441c5a55d559b784893a98b9ab3a1c96ee62
- SHA512
  
  2e94a4a54cc2aad1df5be548722bc7d8266d60cde55e8187994f203474518d1faf66ae61ef3a19dc14c11b001038df6339ad3e8cb428faf3726c54086b0e0050
- SSDEEP
  
  192:u/sZD9SrXqkOK93VPfYFXh9uuTP17gw92v3DSRKMmhL14DArCwVQSScHoR1J0o9K:Qs98qZhgkCTSRKPVaDLjfZRT1bFm
Score

1^/10
behavioral13 behavioral14
- Target
  
  lossless scaling/language/uk-UA/de/LosslessScaling.resources.dll
- Size
  
  18KB
- MD5
  
  bea43c84cdc466ddea1398d4026c3ef9
- SHA1
  
  737b176c58d870acb9383b11c8d553c064ec2aff
- SHA256
  
  7bdb17bfa2e73143efcd5bdaf089a2127c6175daf0ced23c9c4102011d09a89a
- SHA512
  
  b9bbf206baef969d3960e9fa56b7edc320351698f66893dfa42897a7350e4e9d575e8cc4205ae28f2b8946d0f7f48fa2a550a30e7454423ec9d3812f5cb026e3
- SSDEEP
  
  192:x/gqOfbbfga5oP2jk8AieIAcL+Xkd10VN0gGgPGqMyXsfCOY/VRiiCEaLKWrYkQs:RgNkEjGIAcL+XkAiqhsqOs7T6LQyzYm
Score

1^/10
behavioral15 behavioral16
- Target
  
  lossless scaling/language/uk-UA/es-ES/LosslessScaling.resources.dll
- Size
  
  20KB
- MD5
  
  f6dd78c7f97a469c75152ec53d79bf8d
- SHA1
  
  d96ce434f64b8a52475a91ddf6dc7c8086e38869
- SHA256
  
  8f0222d248a18119d84822a851fbfd0d844e6cf58642e5132d96e3c75940ebf7
- SHA512
  
  dc5c86a2182f591ba0fe1807138a05fb8bdbe6a0e1bcac43e3101f150bb2bd5c8132f201c5607e367436be9a9ba10e55db3e0084a359149e7f345ae5dfdd836b
- SSDEEP
  
  192:LQ/XQFsZ7giyU3qLQVCxSaqu7XBRD6pzIABGwB93Mi7UB+4cj4UBd1ejxKgz6:LQ4FsOQVKHv7XvD6xtf8i7o5cjFRzgm
Score

1^/10
behavioral17 behavioral18
- Target
  
  lossless scaling/language/uk-UA/fa/LosslessScaling.resources.dll
- Size
  
  27KB
- MD5
  
  4b67439a021661921731ca43eb8efcef
- SHA1
  
  ca3b9168c86548556b73fb153aca2fdeffbee214
- SHA256
  
  0688ba5f3b55c43ad2436c2981f834b4af7e1b294314afa2f017baba6f4411fd
- SHA512
  
  d2a52b91bd60ce8bb574747da13925404f4fddf196574c746dfdf6c1d2589bc2f746b807ef520c4340eaa6f11fa04efb4385fcb5f92eea01112709d9afbf6610
- SSDEEP
  
  384:zQ4g8hG/RCxROiRW6B5WQLnkWEzeHtF2MIdcPpYm:O8hWRCxROiRW6B5WqkWOI4WPp7
Score

1^/10
behavioral19 behavioral20
- Target
  
  lossless scaling/language/uk-UA/fr/LosslessScaling.resources.dll
- Size
  
  21KB
- MD5
  
  39e11baaab6237ba61eb5e8b7a19a4fe
- SHA1
  
  4f5aafe9a8b78650a36529619c23a5a2cabb3eed
- SHA256
  
  fe406bbc2bbdd8039876ad12ec946d46cac386a1ec9c73f40bcebb414ea55881
- SHA512
  
  3de3de4ba2b4d93ec474b91933ce973baaa7c74aba7a9afa433ba9d13b3aa4765fb4a5e524f737d4d9437b570752ebdb1b143abf25d9020fec270b3cfe78f249
- SSDEEP
  
  384:xQ4oMHANK/ZBHx2z1GAyKwerPLpoulBcqlLw9AnL/Ox8fMiNhEH9/GBm:QMHANGEflLVtRnL/u8HNW9Gc
Score

1^/10
behavioral21 behavioral22
- Target
  
  lossless scaling/language/uk-UA/he/LosslessScaling.resources.dll
- Size
  
  22KB
- MD5
  
  854559ce6f1a4172247402bcb7ba6d6f
- SHA1
  
  3d999b3f8d9125ac619d3029b49e5a185370578a
- SHA256
  
  4edec52a80b6f695343c617813b9d94260b1a31d02809d1055774da5ac4943a3
- SHA512
  
  7fa81a302da4b99fe7ad446893dc90da710fe918b9934642ee2a66323fabdec562b0eb1bfc21070df11a7eb040f74d961090bbf040b4c38c8b86c7917aa5ca99
- SSDEEP
  
  384:MQ4qny9zZ7KqadK/kXNs6YJeEtjwVkwSasKgm:Tiz9xeK/kXO6YJeEt+psKT
Score

1^/10
behavioral23 behavioral24
- Target
  
  lossless scaling/language/uk-UA/hr/LosslessScaling.resources.dll
- Size
  
  19KB
- MD5
  
  ba84b335d4991ee1c52a6bf85e1a2fa5
- SHA1
  
  25e524a30249a930faa0932b3a2d1d52b4a75f61
- SHA256
  
  f0658c57595b27e93ffe8d797172eb9931e4f3407b9b9f0d1abda112d6921453
- SHA512
  
  c8e09e219e070ccc6c4de2c98849f88869149d44b358d23b533291ee56b70ca265f9b34846dea3674e62a17fae38755e99c704448437830d90c820a8185e2f1a
- SSDEEP
  
  384:syM/rM4HXIlWdLzCL2fr/lD+wlVLB0ium:ODM44lWdHCLub5TB0id
Score

1^/10
behavioral25 behavioral26
- Target
  
  lossless scaling/language/uk-UA/id/LosslessScaling.resources.dll
- Size
  
  19KB
- MD5
  
  8c512fab259d4ab880b3d2d1833b03cb
- SHA1
  
  612561041d5a106444348cc5e59b186593b7b87f
- SHA256
  
  fee70b83a178195944f9dc63e841da5c72a217c6f3ed04854a54c55307424668
- SHA512
  
  c8632f3a8126cab39c2e25085397399028ddf4337e155ce1abbddb621569003819c42f5052c8274393a85975dd9f325ed7ba7899b4259c9e680bd886c9ac3bd2
- SSDEEP
  
  384:RQ49P6rTV9WJVS863OmTRWrRaC1/scKbw5nUhYJzcWb6u5jDQtm:1PyTVIJVS863OmTAFaC1/scow5nUhYJj
Score

1^/10
behavioral27 behavioral28
- Target
  
  lossless scaling/language/uk-UA/it/LosslessScaling.resources.dll
- Size
  
  20KB
- MD5
  
  4216eb3bcff34d8bf807ba9ae2329400
- SHA1
  
  9e3104f0caba8c9721720e24991e2ff767269fa6
- SHA256
  
  961fe22ac5b8226e13161868c2af0de3700a157b3ec14a8036e6c85f0c38e158
- SHA512
  
  d6551d03794594f9e9a602232d2ece63eb3ca26338949cc6684eefa1f2ddc9eb6fdd2a35b20410dd7978612d399ab882cc72ccd5b82097c9ce07b4ac7840fd72
- SSDEEP
  
  192:h3Q/XQLI6zeBmPDxjzbZ7/BlzEPEpRToFNjs3SbQka4xOGRVuH68jZFAEHctRyya:xQ4BjzVJgSTw2Tt3Slk6cM6Uvm
Score

1^/10
behavioral29 behavioral30
- Target
  
  lossless scaling/language/uk-UA/ja/LosslessScaling.resources.dll
- Size
  
  25KB
- MD5
  
  c7a79602e51c7d382027d9cc4f4d9765
- SHA1
  
  cbcdfd3cdad01eba053b0bb7251876e218011764
- SHA256
  
  a2596374f8b643e4e4ac7d722a8f7ac83f9d315ab45bfa61074bf874651471bb
- SHA512
  
  77020357d3ea423a4508b7219bd0406be95c3344859d3099c515e65b00c1e1a1e1b19b1114fad86c60531a5a1b3ff773169dea2c17d694fe4eda4ae52adf3025
- SSDEEP
  
  384:RQ4mJ9O2PISPDXxstM7WYASHjWssRagahBBxQm:OJ9dFzxYG9ASHjpgahpj
Score

1^/10
behavioral31 behavioral32