asyncrat | 5c6457b1c5d9a5669d01a39aeabd18d08a8de3027e2667cc9418c5072341c931 | Triage

Sharing

General

Target

RuntimeBroker.exe
Size

158KB
Sample

220130-c2187adecr
MD5

47e80714d9335e104dfe11c2a1d2cb6f
SHA1

69286d95f44b39d2ffefaf6be53b4b9c6a63d080
SHA256

5c6457b1c5d9a5669d01a39aeabd18d08a8de3027e2667cc9418c5072341c931
SHA512

e4a809cc9ffed42f97ed9997ee8442c9e5ba1c7860ef74da74ea09702c8e00e29919a73e91ef5149f2119e09624cd8ac00388851bfffc07cce7d945d7c48d915

Score

10^/10

asyncrat enc_crypted rat suricata

Malware Config

Extracted

Family

asyncrat

Version

1.0.7

Botnet

enc_crypted

C2

null:null

Mutex

zerosum0x0_mtx9463

Attributes

anti_vm
false
bsod
true
delay
1
install
true
install_file
RuntimeBroker.exe
install_folder
%Temp%
pastebin_config
https://pastebin.com/raw/sRMHQY7h

aes.plain

Targets

- Target
  
  RuntimeBroker.exe
- Size
  
  158KB
- MD5
  
  47e80714d9335e104dfe11c2a1d2cb6f
- SHA1
  
  69286d95f44b39d2ffefaf6be53b4b9c6a63d080
- SHA256
  
  5c6457b1c5d9a5669d01a39aeabd18d08a8de3027e2667cc9418c5072341c931
- SHA512
  
  e4a809cc9ffed42f97ed9997ee8442c9e5ba1c7860ef74da74ea09702c8e00e29919a73e91ef5149f2119e09624cd8ac00388851bfffc07cce7d945d7c48d915
Score

10^/10

asyncrat enc_crypted rat suricata
- AsyncRat
  AsyncRAT is designed to remotely monitor and control other computers.
  rat asyncrat
- suricata: ET MALWARE Observed Malicious SSL Cert (AsyncRAT)
  suricata: ET MALWARE Observed Malicious SSL Cert (AsyncRAT)
  suricata
- Async RAT payload
  rat
- Legitimate hosting services abused for malware hosting/C2
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Web Service

Impact

Tasks

static1

behavioral1

asyncratenc_cryptedrat

behavioral2

asyncratenc_cryptedratsuricata