asyncrat | 3357b66c29f17a70151645c4a4952c7b4c81b1f42532e8e84c137e2c27d95a2c | Triage

Sharing

General

Target

3357b66c29f17a70151645c4a4952c7b4c81b1f42532e8e84c137e2c27d95a2c
Size

78KB
Sample

220121-3j8hnaddgk
MD5

89fdfbcd6cd79798d8469942afda14e2
SHA1

86e28eb8cd37fd6602eaa55e594b2b6c930a66e7
SHA256

3357b66c29f17a70151645c4a4952c7b4c81b1f42532e8e84c137e2c27d95a2c
SHA512

e5b79d80da085e934ce130fc8596e8cc18b49e00a0675d134334b93c9694281b7b58d45c0245b931468236b4bedc87226d4ca381480c70c98fc90789b62f8f33

Score

10^/10

asyncrat default persistence rat

Malware Config

Extracted

Family

asyncrat

Version

0.5.7B

Botnet

Default

C2

pruebanumerounoaa.duckdns.org:1992

Mutex

AsyncMutex_6SI8OkPnk

Attributes

anti_vm
false
bsod
false
delay
3
install
true
install_file
calc.exe
install_folder
%AppData%
pastebin_config
null

aes.plain

Targets

- Target
  
  3357b66c29f17a70151645c4a4952c7b4c81b1f42532e8e84c137e2c27d95a2c
- Size
  
  78KB
- MD5
  
  89fdfbcd6cd79798d8469942afda14e2
- SHA1
  
  86e28eb8cd37fd6602eaa55e594b2b6c930a66e7
- SHA256
  
  3357b66c29f17a70151645c4a4952c7b4c81b1f42532e8e84c137e2c27d95a2c
- SHA512
  
  e5b79d80da085e934ce130fc8596e8cc18b49e00a0675d134334b93c9694281b7b58d45c0245b931468236b4bedc87226d4ca381480c70c98fc90789b62f8f33
Score

10^/10

asyncrat default persistence rat
- AsyncRat
  AsyncRAT is designed to remotely monitor and control other computers.
  rat asyncrat
- Modifies WinLogon for persistence
  persistence
- Async RAT payload
  rat
- Executes dropped EXE
- Loads dropped DLL
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Scheduled Task

Persistence

Winlogon Helper DLL

Scheduled Task

Privilege Escalation

Scheduled Task

Defense Evasion

Modify Registry

Credential Access

Discovery

System Information Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

asyncratdefaultpersistencerat

behavioral2

asyncratdefaultpersistencerat