asyncrat | 6b61b14e8e25fc2751f2a066f30db95ad7f642eacec2973ae1478c9e89b7e137 | Triage

Sharing

General

Target

5c15a228aab0bbccc9323c389596c291.exe
Size

551KB
Sample

201230-vypaa36n32
MD5

5c15a228aab0bbccc9323c389596c291
SHA1

6d43bf4a2e45b03c593eab5fabe6dcdc8eee99d4
SHA256

6b61b14e8e25fc2751f2a066f30db95ad7f642eacec2973ae1478c9e89b7e137
SHA512

2faf217c220e2f78b21ba5d6dc8c115b23a5bf86be0743c5516b976a40befd66f992f72439d8242ffd37579a86b2062f3ce4f652caeb7d20eafb784ee80b7dde

Score

10^/10

asyncrat rat

Malware Config

Extracted

Family

asyncrat

Version

0.5.7B

C2

agentttt.ac.ug:6970

agentpurple.ac.ug:6970

Mutex

AsyncMutex_6SI8OkPnk

Attributes

aes_key
16dw6EDbQkYZp5BTs7cmLUicVtOA4UQr
anti_detection
false
autorun
false
bdos
false
delay
Default
host
agentttt.ac.ug,agentpurple.ac.ug
hwid
3
install_file
install_folder
%AppData%
mutex
AsyncMutex_6SI8OkPnk
pastebin_config
null
port
6970
version
0.5.7B

aes.plain

Targets

- Target
  
  5c15a228aab0bbccc9323c389596c291.exe
- Size
  
  551KB
- MD5
  
  5c15a228aab0bbccc9323c389596c291
- SHA1
  
  6d43bf4a2e45b03c593eab5fabe6dcdc8eee99d4
- SHA256
  
  6b61b14e8e25fc2751f2a066f30db95ad7f642eacec2973ae1478c9e89b7e137
- SHA512
  
  2faf217c220e2f78b21ba5d6dc8c115b23a5bf86be0743c5516b976a40befd66f992f72439d8242ffd37579a86b2062f3ce4f652caeb7d20eafb784ee80b7dde
Score

10^/10

asyncrat rat
- AsyncRat
  AsyncRAT is designed to remotely monitor and control other computers.
  rat asyncrat
- Async RAT payload
  rat
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Scheduled Task

Persistence

Scheduled Task

Privilege Escalation

Scheduled Task

Defense Evasion

Credential Access

Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

behavioral2