asyncrat | 3a854a86cb00b76c36b5c41e2d8e1f08a8f12ab98c2105690d78e3c65b717e8f | Triage

Submit
Reports

Overview

overview

Static

static

3

3a854a86cb...cs.exe

windows7-x64

3a854a86cb...cs.exe

windows10-2004-x64

Sharing

General

Target

3a854a86cb00b76c36b5c41e2d8e1f08a8f12ab98c2105690d78e3c65b717e8f_NeikiAnalytics.exe
Size

266KB
Sample

240701-gqggvsxgmd
MD5

77a611fd524d39d270036a0d8a8bce30
SHA1

680368e32a8696085d3c83ab13fce90aa6a22e3b
SHA256

3a854a86cb00b76c36b5c41e2d8e1f08a8f12ab98c2105690d78e3c65b717e8f
SHA512

86bd7fc3f5cc6b270630928a5d73301688ad61ffe91238f96699eadd840f60f28af3d2d4bd80fe7a1da88fe9e5268ba3640db1d4535b575c38faf9ee61c0d08e
SSDEEP

3072:WdvzDqxs8ORikgogWfiuRXd3YmSffdTKXNXANewGBvskX1pWA/sc:WFzDqa86hV6uRRqX1evPlwAEc

Score

10^/10

asyncrat persistence rat

Static task

static1

1 signatures

Behavioral task

behavioral1

Sample

3a854a86cb00b76c36b5c41e2d8e1f08a8f12ab98c2105690d78e3c65b717e8f_NeikiAnalytics.exe

Resource

win7-20240508-en

asyncrat persistence rat

windows7-x64

9 signatures

150 seconds

Behavioral task

behavioral2

Sample

3a854a86cb00b76c36b5c41e2d8e1f08a8f12ab98c2105690d78e3c65b717e8f_NeikiAnalytics.exe

Resource

win10v2004-20240226-en

asyncrat persistence rat

windows10-2004-x64

12 signatures

150 seconds

Malware Config

Targets

- Target
  
  3a854a86cb00b76c36b5c41e2d8e1f08a8f12ab98c2105690d78e3c65b717e8f_NeikiAnalytics.exe
- Size
  
  266KB
- MD5
  
  77a611fd524d39d270036a0d8a8bce30
- SHA1
  
  680368e32a8696085d3c83ab13fce90aa6a22e3b
- SHA256
  
  3a854a86cb00b76c36b5c41e2d8e1f08a8f12ab98c2105690d78e3c65b717e8f
- SHA512
  
  86bd7fc3f5cc6b270630928a5d73301688ad61ffe91238f96699eadd840f60f28af3d2d4bd80fe7a1da88fe9e5268ba3640db1d4535b575c38faf9ee61c0d08e
- SSDEEP
  
  3072:WdvzDqxs8ORikgogWfiuRXd3YmSffdTKXNXANewGBvskX1pWA/sc:WFzDqa86hV6uRRqX1evPlwAEc
Score

10^/10

asyncrat persistence rat
- AsyncRat
  AsyncRAT is designed to remotely monitor and control other computers written in C#.
  rat asyncrat
- Contains code to disable Windows Defender
  A .NET executable tasked with disabling Windows Defender capabilities such as realtime monitoring, blocking at first seen, etc.
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Loads dropped DLL
- Adds Run key to start application
  persistence
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Defense Evasion

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Tasks

static1

behavioral1

asyncratpersistencerat

behavioral2

asyncratpersistencerat

© 2018-2024

Terms | Privacy