asyncrat | aed50a5da5a71dbee227b9de4c9ee68ec20e9814928b16fb231784c3d45ef4a2 | Triage

Sharing

General

Target

believe-server.txt.ps1
Size

255KB
Sample

221013-xqabjsaaek
MD5

02d3b46db023e74bf34b36d336e283d8
SHA1

fe8d8ebc03e50c39b3c38b6f9aad6e9ea6894528
SHA256

aed50a5da5a71dbee227b9de4c9ee68ec20e9814928b16fb231784c3d45ef4a2
SHA512

a1b259c6ff0ac4c108dfdf471e325f3938dcb3afe61308e75fe1058b4945076318d3403b36ac145682e53548f31e9260dba1b5e37c83a9476f2d338b4625d07a
SSDEEP

6144:wRQRmeIR/ENCsO4/TzhUtZylDwc00ddPqWBYWUaOU8Y85TNkS:SX4PhU1cFPqWt987SS

Score

10^/10

asyncrat new persistence rat

Malware Config

Extracted

Family

asyncrat

Version

0.5.7B

Botnet

NEW

C2

185.222.58.50:4545

Mutex

MuTExtMaster_%^*$%&$&%**@%GHJBJH

Attributes

delay
3
install
false
install_file
Explorer.exe
install_folder
%AppData%

aes.plain

Targets

- Target
  
  believe-server.txt.ps1
- Size
  
  255KB
- MD5
  
  02d3b46db023e74bf34b36d336e283d8
- SHA1
  
  fe8d8ebc03e50c39b3c38b6f9aad6e9ea6894528
- SHA256
  
  aed50a5da5a71dbee227b9de4c9ee68ec20e9814928b16fb231784c3d45ef4a2
- SHA512
  
  a1b259c6ff0ac4c108dfdf471e325f3938dcb3afe61308e75fe1058b4945076318d3403b36ac145682e53548f31e9260dba1b5e37c83a9476f2d338b4625d07a
- SSDEEP
  
  6144:wRQRmeIR/ENCsO4/TzhUtZylDwc00ddPqWBYWUaOU8Y85TNkS:SX4PhU1cFPqWt987SS
Score

10^/10

persistence asyncrat new rat
- AsyncRat
  AsyncRAT is designed to remotely monitor and control other computers.
  rat asyncrat
- Process spawned unexpected child process
  This typically indicates the parent process was compromised via an exploit or macro.
- Async RAT payload
  rat
- Registers COM server for autorun
  persistence
- Drops file in System32 directory
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

behavioral2

asyncratnewpersistencerat