asyncrat | af6794ebbb7d1dd19893bb919c5881cb6d8c026afaf5931cae3c294e6baee7ea | Triage

Sharing

General

Target

usman-server.txt.ps1
Size

255KB
Sample

221013-xptzkaaacl
MD5

f49c085a0873fe1a44e09ba9bd10c122
SHA1

134953571f892580ec793340f0997812bc928a71
SHA256

af6794ebbb7d1dd19893bb919c5881cb6d8c026afaf5931cae3c294e6baee7ea
SHA512

5e1f2ecf7c3b1f32a50182e3ced4046ffd1af6d7ddbf40e8c715f333c7ebfb8af2b5161ff0c68229ea837b2beccf769513f85b6c066a8318cab06a6550439b45
SSDEEP

6144:aRQRmeIR/ENCsOSRR3gq37ZN85OcyixP3Nf5HHLkJswKVFNvXu:wXYv4wcfxp1HwSFBu

Score

10^/10

asyncrat default persistence rat

Malware Config

Extracted

Family

asyncrat

Version

0.5.7B

Botnet

Default

C2

212.192.219.56:5612

Mutex

utex_6SI8OkPnk

Attributes

delay
3
install
false
install_folder
%AppData%

aes.plain

Targets

- Target
  
  usman-server.txt.ps1
- Size
  
  255KB
- MD5
  
  f49c085a0873fe1a44e09ba9bd10c122
- SHA1
  
  134953571f892580ec793340f0997812bc928a71
- SHA256
  
  af6794ebbb7d1dd19893bb919c5881cb6d8c026afaf5931cae3c294e6baee7ea
- SHA512
  
  5e1f2ecf7c3b1f32a50182e3ced4046ffd1af6d7ddbf40e8c715f333c7ebfb8af2b5161ff0c68229ea837b2beccf769513f85b6c066a8318cab06a6550439b45
- SSDEEP
  
  6144:aRQRmeIR/ENCsOSRR3gq37ZN85OcyixP3Nf5HHLkJswKVFNvXu:wXYv4wcfxp1HwSFBu
Score

10^/10

persistence asyncrat default rat
- AsyncRat
  AsyncRAT is designed to remotely monitor and control other computers.
  rat asyncrat
- Process spawned unexpected child process
  This typically indicates the parent process was compromised via an exploit or macro.
- Async RAT payload
  rat
- Registers COM server for autorun
  persistence
- Drops file in System32 directory
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

behavioral2

asyncratdefaultpersistencerat