asyncrat | e662022f03271901b4160d6787a742c1e8b8b24ec44686206fe8e6ed61714302 | Triage

Sharing

General

Target

e662022f03271901b4160d6787a742c1e8b8b24ec44686206fe8e6ed61714302
Size

3.7MB
Sample

220420-q69b9acca4
MD5

50f94e792afda30fe1c485c2d733ddae
SHA1

5acb6535b97021f32220fb4ec2c68bb3019ec55b
SHA256

e662022f03271901b4160d6787a742c1e8b8b24ec44686206fe8e6ed61714302
SHA512

2f5cdd6c589289e1e35cc50fc449c6419a81f724e65770d9bb2aca5f42472476a06de522e7a9f29d6e6dd52ff49fac355a058f9971ef3ee4b3c274ebd4de8834

Score

10^/10

asyncrat 2 persistence rat

Malware Config

Extracted

Family

asyncrat

Version

0.5.6B

Botnet

2

C2

76.223.249.60:6606

76.223.249.60:7707

76.223.249.60:8808

Mutex

fscdeuqvqetgvzu

Attributes

delay
0
install
false
install_file
support.exe
install_folder
%AppData%

aes.plain

Targets

- Target
  
  e662022f03271901b4160d6787a742c1e8b8b24ec44686206fe8e6ed61714302
- Size
  
  3.7MB
- MD5
  
  50f94e792afda30fe1c485c2d733ddae
- SHA1
  
  5acb6535b97021f32220fb4ec2c68bb3019ec55b
- SHA256
  
  e662022f03271901b4160d6787a742c1e8b8b24ec44686206fe8e6ed61714302
- SHA512
  
  2f5cdd6c589289e1e35cc50fc449c6419a81f724e65770d9bb2aca5f42472476a06de522e7a9f29d6e6dd52ff49fac355a058f9971ef3ee4b3c274ebd4de8834
Score

10^/10

asyncrat 2 persistence rat
- AsyncRat
  AsyncRAT is designed to remotely monitor and control other computers.
  rat asyncrat
- Modifies WinLogon for persistence
  persistence
- Async RAT payload
  rat
- Executes dropped EXE
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Loads dropped DLL
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Winlogon Helper DLL

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

asyncrat2persistencerat

behavioral2