asyncrat | e079b3ba7c32c3c605ed795d257dad51fea2bb2c463cb04a2fb41f99ed7898bb | Triage

Sharing

General

Target

E079B3BA7C32C3C605ED795D257DAD51FEA2BB2C463CB.exe
Size

852KB
Sample

220126-zkv26saeg6
MD5

5f76c9bd05993fdf6bd65c3fef5155fc
SHA1

e9d93be03d0acbb25c5eb94303bd260403ec673e
SHA256

e079b3ba7c32c3c605ed795d257dad51fea2bb2c463cb04a2fb41f99ed7898bb
SHA512

b258b402bf23dc0b8b35cd8364466993b694ae91c58f52095602eff5716e3bbe9fc86fcca0028b2474f1cf414a61c91c0ea0bac0ea1e047ce5932a7edd68d348

Score

10^/10

asyncrat default rat

Malware Config

Extracted

Family

asyncrat

Version

0.5.6D

Botnet

Default

C2

milla.publicvm.com:6606

milla.publicvm.com:7707

milla.publicvm.com:8808

Mutex

bdeyjxzfhfrvuzdyrin

Attributes

anti_vm
false
bsod
false
delay
1
install
true
install_file
firefoxa.exe
install_folder
%AppData%
pastebin_config
null

aes.plain

Targets

- Target
  
  E079B3BA7C32C3C605ED795D257DAD51FEA2BB2C463CB.exe
- Size
  
  852KB
- MD5
  
  5f76c9bd05993fdf6bd65c3fef5155fc
- SHA1
  
  e9d93be03d0acbb25c5eb94303bd260403ec673e
- SHA256
  
  e079b3ba7c32c3c605ed795d257dad51fea2bb2c463cb04a2fb41f99ed7898bb
- SHA512
  
  b258b402bf23dc0b8b35cd8364466993b694ae91c58f52095602eff5716e3bbe9fc86fcca0028b2474f1cf414a61c91c0ea0bac0ea1e047ce5932a7edd68d348
Score

10^/10

asyncrat default rat
- AsyncRat
  AsyncRAT is designed to remotely monitor and control other computers.
  rat asyncrat
- Async RAT payload
  rat
- Executes dropped EXE
- Loads dropped DLL
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Scheduled Task

Persistence

Scheduled Task

Privilege Escalation

Scheduled Task

Defense Evasion

Credential Access

Discovery

System Information Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

asyncratdefaultrat

behavioral2

asyncratdefaultrat