asyncrat | db91a1f06b3434c3f86c3df429e05e39d988bc929f9c7762c4f3215a2d56fe5a | Triage

Sharing

General

Target

24629f46db685706bb7b29e1a34892c4.exe
Size

82KB
Sample

220930-a87y7sdbep
MD5

24629f46db685706bb7b29e1a34892c4
SHA1

27943a8694e714b4d1c0a2ce13613ca3597fc629
SHA256

db91a1f06b3434c3f86c3df429e05e39d988bc929f9c7762c4f3215a2d56fe5a
SHA512

8da06698eabaa7f043737374bc560e9aaf59688900bb1763661ac16dfb54b9602227bd5a4796c97837c27dda4ded3c48bb7b7ed3d6cce703b573c4c892e08a31
SSDEEP

1536:mCBJ3yLqdwJt6Gv3qON+eSZPCJJNrXH80+YvtzQ8Pg6Yf9SS:mCe+WuGv3qk+e5sL8o3f9b

Score

10^/10

asyncrat windows sheel host persistence rat

Malware Config

Extracted

Family

asyncrat

Version

0.5.7B

Botnet

Windows Sheel Host

C2

20.111.19.215:3152

Mutex

Windows Sheel Host

Attributes

delay
3
install
false
install_file
Windows Sheel Host.exe
install_folder
%AppData%

aes.plain

Targets

- Target
  
  24629f46db685706bb7b29e1a34892c4.exe
- Size
  
  82KB
- MD5
  
  24629f46db685706bb7b29e1a34892c4
- SHA1
  
  27943a8694e714b4d1c0a2ce13613ca3597fc629
- SHA256
  
  db91a1f06b3434c3f86c3df429e05e39d988bc929f9c7762c4f3215a2d56fe5a
- SHA512
  
  8da06698eabaa7f043737374bc560e9aaf59688900bb1763661ac16dfb54b9602227bd5a4796c97837c27dda4ded3c48bb7b7ed3d6cce703b573c4c892e08a31
- SSDEEP
  
  1536:mCBJ3yLqdwJt6Gv3qON+eSZPCJJNrXH80+YvtzQ8Pg6Yf9SS:mCe+WuGv3qk+e5sL8o3f9b
Score

10^/10

persistence asyncrat windows sheel host rat
- AsyncRat
  AsyncRAT is designed to remotely monitor and control other computers.
  rat asyncrat
- Async RAT payload
  rat
- Adds Run key to start application
  persistence
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Scheduled Task

Persistence

Registry Run Keys / Startup Folder

Scheduled Task

Privilege Escalation

Scheduled Task

Defense Evasion

Modify Registry

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2

asyncratwindows sheel hostpersistencerat