asyncrat | 2e618a6cf8584a8a3aea443c98360a32c4eb678a8a457df58ae7f8a66ebe23ee | Triage

Sharing

General

Target

SECURITYHEALTHSERVICE.EXE
Size

6KB
Sample

221104-z5gehsbbd3
MD5

d7b61ed02a876336d7f0ef3f2fae3827
SHA1

9aaf625ec1e7d7aa29a7d90ce4cafdfc35723fac
SHA256

2e618a6cf8584a8a3aea443c98360a32c4eb678a8a457df58ae7f8a66ebe23ee
SHA512

817b046a97eb5435d64a67487250bd21e97b0b60af5c3fced1f2b05e3f88967deddfe829e21f349a730e90cb40d3c1f780e7e961760d27c8a79fa2412a2ab576
SSDEEP

192:PZo9c33aUqN0kbjwNNtUqTGkb/pm1v5ldj:xo9v/ONt/T/Ipj

Score

10^/10

asyncrat windowsdefendersmarttscreen persistence rat

Malware Config

Extracted

Family

asyncrat

Version

1.0.7

Botnet

WindowsDefenderSmarttScreen

C2

217.64.31.3:9742

Mutex

WindowsDefenderSmarttScreen

Attributes

delay
1
install
false
install_file
WindowsDefenderSmarttScreen.exe
install_folder
%AppData%

aes.plain

Targets

- Target
  
  SECURITYHEALTHSERVICE.EXE
- Size
  
  6KB
- MD5
  
  d7b61ed02a876336d7f0ef3f2fae3827
- SHA1
  
  9aaf625ec1e7d7aa29a7d90ce4cafdfc35723fac
- SHA256
  
  2e618a6cf8584a8a3aea443c98360a32c4eb678a8a457df58ae7f8a66ebe23ee
- SHA512
  
  817b046a97eb5435d64a67487250bd21e97b0b60af5c3fced1f2b05e3f88967deddfe829e21f349a730e90cb40d3c1f780e7e961760d27c8a79fa2412a2ab576
- SSDEEP
  
  192:PZo9c33aUqN0kbjwNNtUqTGkb/pm1v5ldj:xo9v/ONt/T/Ipj
Score

10^/10

asyncrat windowsdefendersmarttscreen persistence rat
- AsyncRat
  AsyncRAT is designed to remotely monitor and control other computers.
  rat asyncrat
- Async RAT payload
  rat
- Blocklisted process makes network request
- Downloads MZ/PE file
- Executes dropped EXE
- Adds Run key to start application
  persistence
behavioral1

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

System Information Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

asyncratwindowsdefendersmarttscreenpersistencerat