asyncrat | 8b3bcce39aee0df9fc37b2f009ecc2e9c570c665f632c576f7ae8c2f32a87a1d | Triage

Sharing

General

Target

CONTRACT_87908.exe
Size

842KB
Sample

210113-hr8ae6fngj
MD5

044be31c4ec02f25b5627cf889d581d6
SHA1

caba9cc3c77d49aa4f2f2f3bb3b6b779dd7ad1b1
SHA256

8b3bcce39aee0df9fc37b2f009ecc2e9c570c665f632c576f7ae8c2f32a87a1d
SHA512

13e8542241251a9886f91c8d429bcc49394719395092ab42c243f2a9f6a32a520fda529f2ac91371aeec320b84403429e399b00131541284f0fdcef9d2c0af6a

Score

10^/10

asyncrat rat

Malware Config

Extracted

Family

asyncrat

Version

0.5.6D

C2

91.193.75.182:8808

:8808

Mutex

iqtkuvwaczxdagzqzrf

Attributes

aes_key
MtZYMqjMdClo4OGaE86hJg0xTpxOqdzU
anti_detection
false
autorun
false
bdos
false
delay
TLVAudio
host
91.193.75.182,
hwid
1
install_file
install_folder
%AppData%
mutex
iqtkuvwaczxdagzqzrf
pastebin_config
null
port
8808
version
0.5.6D

aes.plain

Targets

- Target
  
  CONTRACT_87908.exe
- Size
  
  842KB
- MD5
  
  044be31c4ec02f25b5627cf889d581d6
- SHA1
  
  caba9cc3c77d49aa4f2f2f3bb3b6b779dd7ad1b1
- SHA256
  
  8b3bcce39aee0df9fc37b2f009ecc2e9c570c665f632c576f7ae8c2f32a87a1d
- SHA512
  
  13e8542241251a9886f91c8d429bcc49394719395092ab42c243f2a9f6a32a520fda529f2ac91371aeec320b84403429e399b00131541284f0fdcef9d2c0af6a
Score

10^/10

asyncrat rat
- AsyncRat
  AsyncRAT is designed to remotely monitor and control other computers.
  rat asyncrat
- Async RAT payload
  rat
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Scheduled Task

Persistence

Scheduled Task

Privilege Escalation

Scheduled Task

Defense Evasion

Credential Access

Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

behavioral2