asyncrat

General

Target

PAYMENT_COPIER-PDF.exe
Size

614KB
Sample

210115-syyjw4hz4e
MD5

420b8126273bae41ebcf03c1d90ff581
SHA1

d30d32a0993778df3823e8a7a896ddcab8fd8c94
SHA256

5cefff6712f29c6f7fe30bfd3f7d1e790e5474ef242304a91348369b3c1afcab
SHA512

5809f09897dc4fa94c15f29f5942ca873ad74a4509e5e28db54dd739fd171cf68046321bb61afc54a9795d315962822afdc9dfe99d9a9b8612e1b98a7cffb7da

Score

10^/10

asyncrat rat

Malware Config

Extracted

Family

asyncrat

Version

0.5.6D

C2

127.0.0.1:6606

127.0.0.1:7707

127.0.0.1:8808

79.134.225.22:6606

79.134.225.22:7707

79.134.225.22:8808

91.193.75.122:6606

91.193.75.122:7707

91.193.75.122:8808

Mutex

zvnqorsaslyyrhro

Attributes

aes_key
RqLMDJRwW683DhbzEvUdl4n3FCMZGQW8
anti_detection
false
autorun
false
bdos
false
delay
NEWFILE
host
127.0.0.1,79.134.225.22,91.193.75.122
hwid
10
install_file
install_folder
%AppData%
mutex
zvnqorsaslyyrhro
pastebin_config
null
port
6606,7707,8808
version
0.5.6D

aes.plain

Targets

- Target
  
  PAYMENT_COPIER-PDF.exe
- Size
  
  614KB
- MD5
  
  420b8126273bae41ebcf03c1d90ff581
- SHA1
  
  d30d32a0993778df3823e8a7a896ddcab8fd8c94
- SHA256
  
  5cefff6712f29c6f7fe30bfd3f7d1e790e5474ef242304a91348369b3c1afcab
- SHA512
  
  5809f09897dc4fa94c15f29f5942ca873ad74a4509e5e28db54dd739fd171cf68046321bb61afc54a9795d315962822afdc9dfe99d9a9b8612e1b98a7cffb7da
Score

10^/10

asyncrat rat
- AsyncRat
  AsyncRAT is designed to remotely monitor and control other computers.
  rat asyncrat
- Async RAT payload
  rat
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Scheduled Task

1

T1053

Persistence

Scheduled Task

1

T1053

Privilege Escalation

Scheduled Task

1

T1053

Defense Evasion

Credential Access

Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

Sharing

General

Malware Config

Extracted

Targets

Async RAT payload

Suspicious use of SetThreadContext

MITRE ATT&CK Matrix ATT&CK v6

Tasks

static1

behavioral1

behavioral2