asyncrat

Sharing

Copy URL

Twitter E-mail

General

Target

lossless scaling.zip
Size

3.5MB
Sample

250103-l98snsykbt
MD5

be7c366057794a7b9dc9974dcf7f15a5
SHA1

2eb91fb059cb9c5ba2348f75c6f4ab2d92885fda
SHA256

eec8598a29a582b073df5c4832428cdd5cb276ea4cfb05a04e4de58a421717f8
SHA512

59b14823ce8067eb67a2090030c3ffe8755522633cd1d3e1f4ba91742a6b7a309ba4901c3bebc05e13e7c485126fa75fc89544c3ad62b3fb92cdf52b7a645912
SSDEEP

98304:lB8MVAr/rJPdVEPL6V619uA6FBk9EVpgw56Nhrsw5iU:lKkAjF1VEPE619J6FB2EVp5s2w5iU

Score

10^/10

Malware Config

Extracted

Family

asyncrat

Version

A 14

Botnet

Default

Egypt2.camdvr.org:301

Mutex

MaterxMutex_Egypt2

Attributes

delay
3
install
false
install_folder
%AppData%

aes.plain

Targets

- Target
  
  lossless scaling.zip
- Size
  
  3.5MB
- MD5
  
  be7c366057794a7b9dc9974dcf7f15a5
- SHA1
  
  2eb91fb059cb9c5ba2348f75c6f4ab2d92885fda
- SHA256
  
  eec8598a29a582b073df5c4832428cdd5cb276ea4cfb05a04e4de58a421717f8
- SHA512
  
  59b14823ce8067eb67a2090030c3ffe8755522633cd1d3e1f4ba91742a6b7a309ba4901c3bebc05e13e7c485126fa75fc89544c3ad62b3fb92cdf52b7a645912
- SSDEEP
  
  98304:lB8MVAr/rJPdVEPL6V619uA6FBk9EVpgw56Nhrsw5iU:lKkAjF1VEPE619J6FB2EVp5s2w5iU
Score

10^/10

discovery evasion execution trojan
- UAC bypass
  evasion trojan
- Executes dropped EXE
- Loads dropped DLL
behavioral1 behavioral2
- Target
  
  lossless scaling/Lossless Scaling.exe
- Size
  
  155KB
- MD5
  
  1e808d8b288c31d55e634bc603a430d6
- SHA1
  
  3093591b8bbc5afd41ba87462463bdd6c212b9c2
- SHA256
  
  c12832690c5c9e50e87718129836aa54dae18be18985aed6ad8fe8ddb94b0b43
- SHA512
  
  5ea49656e808859eb04a049f7f0617206e5b75e065dd8a15349a91cfe57fd94ca1906a1eedef802612c3e3b419257870d40e3c835e68ef0ca4150efdbe22660c
- SSDEEP
  
  3072:z/6p7RATueBb6sKGyLY1hhhhhhhhhhhhhhhhhhhhhhhOCD:z/6pWTuet1V1hhhhhhhhhhhhhhhhhhhX
Score

10^/10

discovery evasion execution trojan asyncrat default rat
- AsyncRat
  AsyncRAT is designed to remotely monitor and control other computers written in C#.
  rat asyncrat
- Asyncrat family
  asyncrat
- UAC bypass
  evasion trojan
- Command and Scripting Interpreter: PowerShell
  Run Powershell and hide display window.
  execution
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Suspicious use of SetThreadContext
behavioral3 behavioral4
- Target
  
  lossless scaling/Registration ('Crack')/Double-click, confirm to merge, done.reg
- Size
  
  250B
- MD5
  
  ff047b633dfa3af4e5b5c78c1c84515b
- SHA1
  
  edca05a1a23484322da3932074af30de93d4c041
- SHA256
  
  963e9de4561957e19eb200c7446aaba4e59392040eaa5006717bf826a589cc21
- SHA512
  
  3e0f46a9c8626a6f53e710676b42802f014f9bac8dbb1af58e42c3e1f7df80ca074e137d4b98fa5739b07028f11eed7f569b55232a2c85dd5d8a7b23dc8420d3
Score

1^/10
behavioral5 behavioral6
- Target
  
  lossless scaling/__HOW TO CRACK.txt
- Size
  
  68B
- MD5
  
  88ad4289df801383d10899bcae6eb317
- SHA1
  
  ccc4a249545f9e0f48932d982b2320a79791483f
- SHA256
  
  867a006aeee7cbfe6b44ed9d8f412e3104bf077b7ad49aa642f166095c37d1ee
- SHA512
  
  0eec25b34993e75bea0981f87df0377244a75acf404f6159030240032f34f0858807e89423a07ef338573c84895e1f7faeb8c1dfb964c51e1364375648954124
Score

1^/10
behavioral7 behavioral8
- Target
  
  lossless scaling/language/diagerr.xml
- Size
  
  1KB
- MD5
  
  25b86b2ab956de39ec02eb0697599100
- SHA1
  
  58e6b45cab0e49adb2d62ecd86acb9ab1e7a76ca
- SHA256
  
  507dbd9e93d64dc201894839a2e61a3cc5584696d2c35531a8f5a689af4c582c
- SHA512
  
  317b1ec23b04d1dc05869934d94fb4f6d20b1be432a2c9b082610f24bbe4e1f33d615be84cbde7443fb5b393beb8f4f08ecd066b80af5317c8a9b085e3cee4bb
Score

3^/10

discovery
behavioral10 behavioral9
- Target
  
  lossless scaling/language/en-US/hiberfil.sys
- Size
  
  1KB
- MD5
  
  98a99e831c54087770d3fd89f2bb9913
- SHA1
  
  26754b638106f4e2c3bdff6780c574384a129972
- SHA256
  
  92360a7d4d9bc840a967a86f6bd3651d0d7fb5218d57e3edcd36ad897f908a44
- SHA512
  
  cae5a9b95ac842902166cf2d67114f311f6bd9227999654f733b2ef16e4daf8fa2ea5fb5908425243226217fe99e87ded7f9d600a2eb668fb3b4f7d4b0974df2
Score

3^/10
behavioral11 behavioral12
- Target
  
  lossless scaling/language/en-US/pagefile.sys
- Size
  
  1.7MB
- MD5
  
  df3362c56b3925e0eb83e0a10fb448c7
- SHA1
  
  7b82a4de6af8f15994cfa1f179ebf5e0f302e503
- SHA256
  
  1de06a9918cdd9e8dd95953f1a6b937d490a6eb228b2a67e5a89b09feab810c3
- SHA512
  
  431dbbf045c8a62cacd7e8236ad343287c574b97684d941fe6f94e702fbb2a19675e1849220fa443616bfe2adec0e2218c42d75889333ca489f064e931891785
- SSDEEP
  
  49152:bnMeSbStSScWmlrzjQ6bJiZ/9YLgNEz1:b5q2/cxlbKJy1
Score

1^/10
behavioral13 behavioral14
- Target
  
  lossless scaling/language/uk-UA/Lossless.dll
- Size
  
  4.3MB
- MD5
  
  7969a2cbc4c31ccfb1ab8213f19501b9
- SHA1
  
  06a24af6e922ba2cd7fccb76ce2f43271a9af8b6
- SHA256
  
  486a48562504a274e984599a5931de200ea73bf6bc4c83bf6ca8daa651e80a68
- SHA512
  
  935988a39c1af479e971850f6758ee94098b35f173da609206312deeabeb3bc9466f93d1dad4e6d7938235f65fc52fdbd56058d46c1ba775d31718358eb6d8fa
- SSDEEP
  
  24576:lZtIcM0Gpls8jl9vLFR/cGRgPEuZIiZ8ay7R5vZf7gjxPWwf:re0Gbs8jsGBM4l7R5vZjUWw
Score

1^/10
behavioral15 behavioral16
- Target
  
  lossless scaling/language/uk-UA/LosslessScaling.exe
- Size
  
  953KB
- MD5
  
  2c98d33096e97094cbbbd19f27f40883
- SHA1
  
  7e28af9d119d2658f962e3b28140c6081be1612b
- SHA256
  
  010ac1120a88a772e87d9e9018aa5db034a9bac9399803d4a7c4db3c47a71df6
- SHA512
  
  f9070ad6b2e3295fdde13aa8d7486147a7f9a675a924ad3bf117479baf5b573cf92650199e58378dd8345a28ab890bbd5021d374030c24836bfa65bb037dddc7
- SSDEEP
  
  12288:ApDJEDS4MCLSyf6mOuGyW38yHJc+CKtOaO5Z7WhawnzE4ZbuRCwmhI2J+0sDgwl1:btMCLPf1Oi32OvzGo4ZiRlT/sN0
Score

3^/10

discovery
behavioral17 behavioral18
- Target
  
  lossless scaling/language/uk-UA/LosslessScaling.exe.config
- Size
  
  174B
- MD5
  
  2a2df45a07478a1c77d5834c21f3d7fd
- SHA1
  
  f949e331f0d75ba38d33a072f74e2327c870d916
- SHA256
  
  051099983b896673909e01a1f631b6652abb88da95c9f06f3efef4be033091fa
- SHA512
  
  1a6dd48f92ea6b68ee23b86ba297cd1559f795946ecda17ade68aea3dda188869bba380e3ea3472e08993f4ae574c528b34c3e25503ee6119fd4f998835e09d7
Score

3^/10

discovery
behavioral19 behavioral20
- Target
  
  lossless scaling/language/uk-UA/ar/LosslessScaling.resources.dll
- Size
  
  24KB
- MD5
  
  ed6f1b887abd06c83ecb9c6ad4b6ddae
- SHA1
  
  595f4748ee9f088d6c87281ba822c2e023cea9f2
- SHA256
  
  e078d3fe1e5c3ef3ae5a22da414b33d29c3ae335397fd699a35f0b767e20ab29
- SHA512
  
  c16bb876c0c6bf5f016a476649c4f99aa7a8679fbc7d356f33d13b65667878369a8aeadd010f828650385ce7783226505219a3b6adba22e33cbf30bcb706fcd0
- SSDEEP
  
  384:As9chlOF09DRNWxSZD0JxNcwmxxyYThlSzIxvuDv0GWOfRt+Watm:YOm9DeaAJz7mx0YThleIvEhfRtdaA
Score

1^/10
behavioral21 behavioral22
- Target
  
  lossless scaling/language/uk-UA/bg/LosslessScaling.resources.dll
- Size
  
  25KB
- MD5
  
  82deb57274920ad713665b7ecdd1f1b4
- SHA1
  
  b3518aefb76fcf435cc2685dcbeb8aba46b29a04
- SHA256
  
  2b62df6f0d46492562a7f2cb04e45c429e09fcbe76fb2faf7e275cbe29101ca3
- SHA512
  
  1539f43d7d5333bd52c52b5b617aed69fcd1fa6a9b6e6ba07f0c09507c388eb6d9781d8de413fa3910f3177233346d4bdc8e4d53ba7e04e1862607c41924fc95
- SSDEEP
  
  384:dQ4yQrLDnD4mIfp7plw4ha09cQQdd6wjrQMYMUm:2QHDnD4mip7vwH0R46rMYMP
Score

1^/10
behavioral23 behavioral24
- Target
  
  lossless scaling/language/uk-UA/config.ini
- Size
  
  430B
- MD5
  
  ef7d84d756944b899e4fb5d1a3339235
- SHA1
  
  bcac0a048a418caec5281cc44121576d1cde4e70
- SHA256
  
  069ae15289a748ae4e1a998183c41c35a873cb8dc205318813b157c826bab6ca
- SHA512
  
  a73e18adaa6f1e93a457d4593a652ee47eb730cac3b81cfbc1fc3ab90aa05f518ae7c96c78e94ab92949dd2c4e9a459bb54012e97fb53554397d5a6a8b556327
Score

1^/10
behavioral25 behavioral26
- Target
  
  lossless scaling/language/uk-UA/cs/LosslessScaling.resources.dll
- Size
  
  20KB
- MD5
  
  0009b54449d6ee8d723be5266cb96c32
- SHA1
  
  53162779acc73b9a0cfb53a7b5b5917664958073
- SHA256
  
  6f4cd5d91edee8dbc547a6f914f1441c5a55d559b784893a98b9ab3a1c96ee62
- SHA512
  
  2e94a4a54cc2aad1df5be548722bc7d8266d60cde55e8187994f203474518d1faf66ae61ef3a19dc14c11b001038df6339ad3e8cb428faf3726c54086b0e0050
- SSDEEP
  
  192:u/sZD9SrXqkOK93VPfYFXh9uuTP17gw92v3DSRKMmhL14DArCwVQSScHoR1J0o9K:Qs98qZhgkCTSRKPVaDLjfZRT1bFm
Score

1^/10
behavioral27 behavioral28
- Target
  
  lossless scaling/language/uk-UA/de/LosslessScaling.resources.dll
- Size
  
  18KB
- MD5
  
  bea43c84cdc466ddea1398d4026c3ef9
- SHA1
  
  737b176c58d870acb9383b11c8d553c064ec2aff
- SHA256
  
  7bdb17bfa2e73143efcd5bdaf089a2127c6175daf0ced23c9c4102011d09a89a
- SHA512
  
  b9bbf206baef969d3960e9fa56b7edc320351698f66893dfa42897a7350e4e9d575e8cc4205ae28f2b8946d0f7f48fa2a550a30e7454423ec9d3812f5cb026e3
- SSDEEP
  
  192:x/gqOfbbfga5oP2jk8AieIAcL+Xkd10VN0gGgPGqMyXsfCOY/VRiiCEaLKWrYkQs:RgNkEjGIAcL+XkAiqhsqOs7T6LQyzYm
Score

1^/10
behavioral29 behavioral30
- Target
  
  lossless scaling/language/uk-UA/es-ES/LosslessScaling.resources.dll
- Size
  
  20KB
- MD5
  
  f6dd78c7f97a469c75152ec53d79bf8d
- SHA1
  
  d96ce434f64b8a52475a91ddf6dc7c8086e38869
- SHA256
  
  8f0222d248a18119d84822a851fbfd0d844e6cf58642e5132d96e3c75940ebf7
- SHA512
  
  dc5c86a2182f591ba0fe1807138a05fb8bdbe6a0e1bcac43e3101f150bb2bd5c8132f201c5607e367436be9a9ba10e55db3e0084a359149e7f345ae5dfdd836b
- SSDEEP
  
  192:LQ/XQFsZ7giyU3qLQVCxSaqu7XBRD6pzIABGwB93Mi7UB+4cj4UBd1ejxKgz6:LQ4FsOQVKHv7XvD6xtf8i7o5cjFRzgm
Score

1^/10
behavioral31 behavioral32