asyncrat | e9b025c3083c60b1260f6c9b6909f3c80aa7861814b4cee817b5485bb9b3e700 | Triage

Sharing

General

Target

Production order List Quotation.pdf.exe
Size

874KB
Sample

210115-p2lcq3s2te
MD5

30028635a4d6eaceee5c23499f73aa3a
SHA1

94ee1f211c7c5e14cf5835071cf16f239eefebd7
SHA256

e9b025c3083c60b1260f6c9b6909f3c80aa7861814b4cee817b5485bb9b3e700
SHA512

5a9597eeca40dd4ad0e82730608e8527c239e7459423f3b530e49cc0e174eaf79193865c0fa6e610c36b0ef353c4e35ddf290c95ea88b9dd82b27aeb8697f360

Score

10^/10

asyncrat persistence rat

Malware Config

Extracted

Family

asyncrat

Version

0.5.7B

C2

1.remcosagent.com:1993

Mutex

AsyncMutex_6SI8OkPnk

Attributes

aes_key
zfpcQBbFjdAkORcbNZ0s5ioknjh7mjo2
anti_detection
false
autorun
false
bdos
false
delay
Default
host
1.remcosagent.com
hwid
3
install_file
install_folder
%AppData%
mutex
AsyncMutex_6SI8OkPnk
pastebin_config
null
port
1993
version
0.5.7B

aes.plain

Targets

- Target
  
  Production order List Quotation.pdf.exe
- Size
  
  874KB
- MD5
  
  30028635a4d6eaceee5c23499f73aa3a
- SHA1
  
  94ee1f211c7c5e14cf5835071cf16f239eefebd7
- SHA256
  
  e9b025c3083c60b1260f6c9b6909f3c80aa7861814b4cee817b5485bb9b3e700
- SHA512
  
  5a9597eeca40dd4ad0e82730608e8527c239e7459423f3b530e49cc0e174eaf79193865c0fa6e610c36b0ef353c4e35ddf290c95ea88b9dd82b27aeb8697f360
Score

10^/10

asyncrat persistence rat
- AsyncRat
  AsyncRAT is designed to remotely monitor and control other computers.
  rat asyncrat
- Modifies WinLogon for persistence
  persistence
- Async RAT payload
  rat
- Executes dropped EXE
- Drops startup file
- Loads dropped DLL
- Adds Run key to start application
  persistence
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Winlogon Helper DLL

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

asyncratpersistencerat

behavioral2