asyncrat | 7fcb98579512e3df028c8199b530d8e027d55a871d2afb81aeb5994adac814bf | Triage

Sharing

General

Target

7fcb98579512e3df028c8199b530d8e027d55a871d2afb81aeb5994adac814bf
Size

617KB
Sample

211021-1apm3sagf4
MD5

8febef9e39284335678e45955722d6a6
SHA1

0f5de2557c7cef0c486157089cf2b761ca8839d7
SHA256

7fcb98579512e3df028c8199b530d8e027d55a871d2afb81aeb5994adac814bf
SHA512

e8b70e73b960b4fa3fa209baaf702990dc4a153cca85eca5a9586ab42dab82d99d6ecec15c9ed043cca2637710f2921f94b2a2b934c9960fe36514cdf4ceacbf

Score

10^/10

asyncrat 1 persistence rat

Malware Config

Extracted

Family

asyncrat

Version

0.5.7B

Botnet

1

C2

185.157.160.136:1973

Mutex

df4Rtg34dFjwr7ujp3

Attributes

anti_vm
false
bsod
false
delay
38
install
false
install_folder
%AppData%
pastebin_config
null

aes.plain

Targets

- Target
  
  7fcb98579512e3df028c8199b530d8e027d55a871d2afb81aeb5994adac814bf
- Size
  
  617KB
- MD5
  
  8febef9e39284335678e45955722d6a6
- SHA1
  
  0f5de2557c7cef0c486157089cf2b761ca8839d7
- SHA256
  
  7fcb98579512e3df028c8199b530d8e027d55a871d2afb81aeb5994adac814bf
- SHA512
  
  e8b70e73b960b4fa3fa209baaf702990dc4a153cca85eca5a9586ab42dab82d99d6ecec15c9ed043cca2637710f2921f94b2a2b934c9960fe36514cdf4ceacbf
Score

10^/10

asyncrat 1 persistence rat
- AsyncRat
  AsyncRAT is designed to remotely monitor and control other computers.
  rat asyncrat
- Async RAT payload
  rat
- Adds Run key to start application
  persistence
- Suspicious use of SetThreadContext
behavioral1

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

asyncrat1persistencerat