asyncrat | 201d93bf0cba57d6bf22201311f082c11dde20bf1269d5275539df14fd502398 | Triage

Submit
Reports

Overview

overview

Static

static

3

d224b20b8c...3b.exe

windows7-x64

d224b20b8c...3b.exe

windows10-2004-x64

Sharing

General

Target

d224b20b8c858da3bac1c5fb9cd1c33b.exe
Size

310KB
Sample

240126-rk5mlsfed4
MD5

d224b20b8c858da3bac1c5fb9cd1c33b
SHA1

e1d256a961662b1b45c23a2bfc4e4edf2d30b177
SHA256

201d93bf0cba57d6bf22201311f082c11dde20bf1269d5275539df14fd502398
SHA512

e281343bc2e0d197c21bc442aefb27526515807e3279f8fd9636aea19b6fbc1dd5a5be3038615c513d60568e0ea821ea6c080efce43d059e30032a93cc1190ba
SSDEEP

6144:BbiQqdJ052x8C2adFIYI906jqGFPkoh7Y0gJamWKw7eMT129ZW5sNdaYmOdhzStP:BbiQz52aC1sP906mG53h7c/RQ1p5C4LP

Score

10^/10

asyncrat zgrat default rat spyware stealer

Static task

static1

1 signatures

Behavioral task

behavioral1

Sample

d224b20b8c858da3bac1c5fb9cd1c33b.exe

Resource

win7-20231129-en

asyncrat zgrat default rat spyware stealer

windows7-x64

14 signatures

150 seconds

Behavioral task

behavioral2

Sample

d224b20b8c858da3bac1c5fb9cd1c33b.exe

Resource

win10v2004-20231222-en

asyncrat zgrat default rat spyware stealer

windows10-2004-x64

14 signatures

150 seconds

Malware Config

Extracted

Family

asyncrat

Version

0.5.8

Botnet

Default

C2

127.0.0.1:4217

146.70.161.85:4217

Mutex

dkhXL7HeeLRM

Attributes

delay
3
install
true
install_file
Colours.exe
install_folder
%AppData%

aes.plain

Targets

- Target
  
  d224b20b8c858da3bac1c5fb9cd1c33b.exe
- Size
  
  310KB
- MD5
  
  d224b20b8c858da3bac1c5fb9cd1c33b
- SHA1
  
  e1d256a961662b1b45c23a2bfc4e4edf2d30b177
- SHA256
  
  201d93bf0cba57d6bf22201311f082c11dde20bf1269d5275539df14fd502398
- SHA512
  
  e281343bc2e0d197c21bc442aefb27526515807e3279f8fd9636aea19b6fbc1dd5a5be3038615c513d60568e0ea821ea6c080efce43d059e30032a93cc1190ba
- SSDEEP
  
  6144:BbiQqdJ052x8C2adFIYI906jqGFPkoh7Y0gJamWKw7eMT129ZW5sNdaYmOdhzStP:BbiQz52aC1sP906mG53h7c/RQ1p5C4LP
Score

10^/10

asyncrat zgrat default rat spyware stealer
- AsyncRat
  AsyncRAT is designed to remotely monitor and control other computers written in C#.
  rat asyncrat
- Detect ZGRat V1
- ZGRat
  ZGRat is remote access trojan written in C#.
  rat zgrat
- Async RAT payload
  rat
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Loads dropped DLL
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Scheduled Task/Job

Persistence

Scheduled Task/Job

Privilege Escalation

Scheduled Task/Job

Defense Evasion

Credential Access

Unsecured Credentials

Credentials In Files

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Data from Local System

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Tasks

static1

behavioral1

asyncratzgratdefaultratspywarestealer

behavioral2

asyncratzgratdefaultratspywarestealer

© 2018-2024

Terms | Privacy