asyncrat | 49a739cbc8a28adc28736e145c3f245a2bdf6617663f1c33d513377fae72bbb4 | Triage

Sharing

General

Target

49a739cbc8a28adc28736e145c3f245a2bdf6617663f1c33d513377fae72bbb4
Size

36KB
Sample

221012-zlx8xsbhb8
MD5

801bddf6f14dd89827c5885a6a540de5
SHA1

6fbf71bd0d73c446133c6824be09c2b46f2db756
SHA256

49a739cbc8a28adc28736e145c3f245a2bdf6617663f1c33d513377fae72bbb4
SHA512

e46fb75a40ff00c1bade6e7a19a0f74fe0e0912e5d3828788c19c6ec9f60811945668cdf9769de3a8b8fdebf56898ed52dd093315ea4e256c293611663fe1d4c
SSDEEP

384:GIntgkiTl/PJCQCzirQCz03RAtmoYhpRd42tqHwd5ASc:GIetJCQIirQIKRGlYn42oHI2

Score

10^/10

asyncrat default rat

Malware Config

Extracted

Family

asyncrat

Version

1.0.7

Botnet

Default

C2

172.93.181.21:8848

Mutex

DcRatMutex_qwqdanchun

Attributes

delay
1
install
false
install_folder
%AppData%

aes.plain

Targets

- Target
  
  49a739cbc8a28adc28736e145c3f245a2bdf6617663f1c33d513377fae72bbb4
- Size
  
  36KB
- MD5
  
  801bddf6f14dd89827c5885a6a540de5
- SHA1
  
  6fbf71bd0d73c446133c6824be09c2b46f2db756
- SHA256
  
  49a739cbc8a28adc28736e145c3f245a2bdf6617663f1c33d513377fae72bbb4
- SHA512
  
  e46fb75a40ff00c1bade6e7a19a0f74fe0e0912e5d3828788c19c6ec9f60811945668cdf9769de3a8b8fdebf56898ed52dd093315ea4e256c293611663fe1d4c
- SSDEEP
  
  384:GIntgkiTl/PJCQCzirQCz03RAtmoYhpRd42tqHwd5ASc:GIetJCQIirQIKRGlYn42oHI2
Score

10^/10

asyncrat default rat
- AsyncRat
  AsyncRAT is designed to remotely monitor and control other computers.
  rat asyncrat
- Async RAT payload
  rat
- Downloads MZ/PE file
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of NtSetInformationThreadHideFromDebugger
behavioral1 behavioral2

MITRE ATT&CK Matrix

Tasks

static1

behavioral1

asyncratdefaultrat

behavioral2