asyncrat | 2a48fa5118bf1c97de6a6b7b0a45bcc95bd678d54f31e2f2d003e5f3ea49c780 | Triage

Sharing

General

Target

2ed2a1d6604afeaa681f4c66dcd84194.exe
Size

141KB
Sample

220805-h28wxshdbn
MD5

2ed2a1d6604afeaa681f4c66dcd84194
SHA1

6134d837220afe9377cd78950c8aca43dde08d8c
SHA256

2a48fa5118bf1c97de6a6b7b0a45bcc95bd678d54f31e2f2d003e5f3ea49c780
SHA512

b6dc02f1974d0d90b171432156b85044ab67b51c00c9a6f2ce98562342dd2afb64ac36ae57e291d37da0db564c7191567183917971455969d9eb930c920e8979

Score

10^/10

asyncrat default rat

Malware Config

Extracted

Family

asyncrat

Version

1.0.7

Botnet

Default

C2

techandro.giize.com:6906

techandro.giize.com:6907

hsolic.duckdns.org:6906

hsolic.duckdns.org:6907

Mutex

DcRatMutex_qwqdanchun

Attributes

delay
1
install
true
install_file
sihost.exe
install_folder
%AppData%

aes.plain

Targets

- Target
  
  2ed2a1d6604afeaa681f4c66dcd84194.exe
- Size
  
  141KB
- MD5
  
  2ed2a1d6604afeaa681f4c66dcd84194
- SHA1
  
  6134d837220afe9377cd78950c8aca43dde08d8c
- SHA256
  
  2a48fa5118bf1c97de6a6b7b0a45bcc95bd678d54f31e2f2d003e5f3ea49c780
- SHA512
  
  b6dc02f1974d0d90b171432156b85044ab67b51c00c9a6f2ce98562342dd2afb64ac36ae57e291d37da0db564c7191567183917971455969d9eb930c920e8979
Score

10^/10

asyncrat default rat
- AsyncRat
  AsyncRAT is designed to remotely monitor and control other computers.
  rat asyncrat
- Async RAT payload
  rat
- Executes dropped EXE
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Loads dropped DLL
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Scheduled Task

Persistence

Scheduled Task

Privilege Escalation

Scheduled Task

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

asyncratdefaultrat

behavioral2