asyncrat | 1720e833db94e2388213e8dbfd8589819ddc8525295c9e2e6df61c2c6446f136 | Triage

Sharing

General

Target

1720e833db94e2388213e8dbfd8589819ddc8525295c9e2e6df61c2c6446f136
Size

56KB
Sample

220930-zfpdtsegd3
MD5

f64ccbc901901c142778923c42a6e582
SHA1

214ec7d3082028bcf42a2f7e86917c2d40b9611b
SHA256

1720e833db94e2388213e8dbfd8589819ddc8525295c9e2e6df61c2c6446f136
SHA512

6571b0c2590b9f60b86515a03ca05bbcfbce3d5f01243b91e4870d465439823551ac4129c4fb520215347b96a1a9223faa5aaffceaa0a4fdbe50cdd7a62e08d9
SSDEEP

768:huxJmUepbOSJr8UzFr4DhlWerv1NwF326QI2:hqJtLUzNehlWQ1CM6P

Score

10^/10

asyncrat default rat

Malware Config

Extracted

Family

asyncrat

Version

1.0.7

Botnet

Default

C2

110.238.105.105:8848

Mutex

DcRatMutex_qwqdanchun

Attributes

delay
1
install
false
install_folder
%AppData%

aes.plain

Targets

- Target
  
  1720e833db94e2388213e8dbfd8589819ddc8525295c9e2e6df61c2c6446f136
- Size
  
  56KB
- MD5
  
  f64ccbc901901c142778923c42a6e582
- SHA1
  
  214ec7d3082028bcf42a2f7e86917c2d40b9611b
- SHA256
  
  1720e833db94e2388213e8dbfd8589819ddc8525295c9e2e6df61c2c6446f136
- SHA512
  
  6571b0c2590b9f60b86515a03ca05bbcfbce3d5f01243b91e4870d465439823551ac4129c4fb520215347b96a1a9223faa5aaffceaa0a4fdbe50cdd7a62e08d9
- SSDEEP
  
  768:huxJmUepbOSJr8UzFr4DhlWerv1NwF326QI2:hqJtLUzNehlWQ1CM6P
Score

10^/10

asyncrat default rat
- AsyncRat
  AsyncRAT is designed to remotely monitor and control other computers.
  rat asyncrat
- Async RAT payload
  rat
- Downloads MZ/PE file
- Executes dropped EXE
- Loads dropped DLL
- Enumerates connected drives
  Attempts to read the root path of hard drives other than the default C: drive.
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

Peripheral Device Discovery

System Information Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

asyncratdefaultrat

behavioral2