asyncrat | 09ee4fc7d4d4970dd3d30c8e2269e907971b337da0d1a0f8b78fe50a892b2639 | Triage

Sharing

General

Target

chromegoogle.exe
Size

579KB
Sample

201229-dxnkbqtmmx
MD5

6febf3e909196257afcc4dcc8b5eb4e7
SHA1

d6faa617c061a73ff1075c97833baa01cff7d51c
SHA256

09ee4fc7d4d4970dd3d30c8e2269e907971b337da0d1a0f8b78fe50a892b2639
SHA512

38af2d1d42f2636e6374ce1a6eca4aab8eaf0ddc75ba30b9204ab71969819b1f7a2bea9286ef6fc2301200d72976dd44b886df7db78d5a8ee5165aa0cc8beac8

Score

10^/10

asyncrat rat

Malware Config

Extracted

Family

asyncrat

Version

0.5.7B

C2

null:null

Mutex

AsyncMutex_6SI8OkPnk

Attributes

aes_key
EfA8oEwdphb1PRVOxTe3AN4wESj6UjIj
anti_detection
false
autorun
true
bdos
false
delay
CORONA
host
null
hwid
3
install_file
install_folder
%AppData%
mutex
AsyncMutex_6SI8OkPnk
pastebin_config
https://pastebin.com/raw/KVXdCZYr
port
null
version
0.5.7B

aes.plain

Targets

- Target
  
  chromegoogle.exe
- Size
  
  579KB
- MD5
  
  6febf3e909196257afcc4dcc8b5eb4e7
- SHA1
  
  d6faa617c061a73ff1075c97833baa01cff7d51c
- SHA256
  
  09ee4fc7d4d4970dd3d30c8e2269e907971b337da0d1a0f8b78fe50a892b2639
- SHA512
  
  38af2d1d42f2636e6374ce1a6eca4aab8eaf0ddc75ba30b9204ab71969819b1f7a2bea9286ef6fc2301200d72976dd44b886df7db78d5a8ee5165aa0cc8beac8
Score

10^/10

asyncrat rat
- AsyncRat
  AsyncRAT is designed to remotely monitor and control other computers.
  rat asyncrat
- Async RAT payload
  rat
- Executes dropped EXE
- Legitimate hosting services abused for malware hosting/C2
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Scheduled Task

Persistence

Scheduled Task

Privilege Escalation

Scheduled Task

Defense Evasion

Credential Access

Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Web Service

Impact

Tasks

static1

behavioral1

behavioral2