asyncrat | 08eff7248a828c8be4cec506f4a6636998200632d53a9d3d71f1d1d881d597fd | Triage

Submit
Reports

Overview

overview

Static

static

1

Solara_Protect.bat

windows7-x64

8

Solara_Protect.bat

windows10-2004-x64

Sharing

General

Target

Solara_Protect.bat
Size

475B
Sample

240701-gg9r2sxflh
MD5

a723d61769537cf4fec2324ee820a862
SHA1

88c59fcc94048be74999b550d53432a79f9ad538
SHA256

08eff7248a828c8be4cec506f4a6636998200632d53a9d3d71f1d1d881d597fd
SHA512

0a06b2ed3e47f83ac6bc9133d96916251f6dfe57301a9cfd0b2c6830cba3280287147fee0bd6ed2f424107c90f2596f0083ab7320994450661c4b1fda64d0162

Score

10^/10

asyncrat solarafake execution rat spyware stealer

Static task

static1

Behavioral task

behavioral1

Sample

Solara_Protect.bat

Resource

win7-20240419-en

windows7-x64

5 signatures

150 seconds

Behavioral task

behavioral2

Sample

Solara_Protect.bat

Resource

win10v2004-20240611-en

asyncrat solarafake execution rat spyware stealer

windows10-2004-x64

15 signatures

150 seconds

Malware Config

Extracted

Family

asyncrat

Version

| CRACKED BY https://t.me/xworm_v2

Botnet

SolaraFake

C2

anyone-blogging.gl.at.ply.gg:22284

Mutex

AsyncMutex_6SI8OkPnk

Attributes

delay
3
install
true
install_file
Windows.exe
install_folder
%Temp%

aes.plain

Targets

- Target
  
  Solara_Protect.bat
- Size
  
  475B
- MD5
  
  a723d61769537cf4fec2324ee820a862
- SHA1
  
  88c59fcc94048be74999b550d53432a79f9ad538
- SHA256
  
  08eff7248a828c8be4cec506f4a6636998200632d53a9d3d71f1d1d881d597fd
- SHA512
  
  0a06b2ed3e47f83ac6bc9133d96916251f6dfe57301a9cfd0b2c6830cba3280287147fee0bd6ed2f424107c90f2596f0083ab7320994450661c4b1fda64d0162
Score

10^/10

execution asyncrat solarafake rat spyware stealer
- AsyncRat
  AsyncRAT is designed to remotely monitor and control other computers written in C#.
  rat asyncrat
- Async RAT payload
  rat
- Blocklisted process makes network request
- Command and Scripting Interpreter: PowerShell
  Powershell Invoke Web Request.
  execution
- Downloads MZ/PE file
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Legitimate hosting services abused for malware hosting/C2
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Command and Scripting Interpreter

PowerShell

Scheduled Task/Job

Scheduled Task

Persistence

Scheduled Task/Job

Scheduled Task

Privilege Escalation

Scheduled Task/Job

Scheduled Task

Defense Evasion

Credential Access

Unsecured Credentials

Credentials In Files

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Data from Local System

Exfiltration

Command and Control

Web Service

Impact

Resource Development

Reconnaissance

Tasks

static1

behavioral1

behavioral2

asyncratsolarafakeexecutionratspywarestealer

© 2018-2024

Terms | Privacy