asyncrat | 1c3703e6a606a118618df7103ff5688021d20768c90f5d5fc8401a13797f367c | Triage

Sharing

General

Target

1c3703e6a606a118618df7103ff5688021d20768c90f5d5fc8401a13797f367c
Size

5KB
Sample

221113-sn4edsbd99
MD5

62bdf784440078b827c9da994a51f08c
SHA1

a49ddd1891695b59cd5ae63897c08ac997e22aac
SHA256

1c3703e6a606a118618df7103ff5688021d20768c90f5d5fc8401a13797f367c
SHA512

a2ab985f5b9b8d0e1c7dfe49597ba9e0325e2d0467156903b040149c258daeff04c59ef1c86ecf95c912980f65ffe35c7794cb5d5a95e165f0ea297ff7dd4acd
SSDEEP

96:l79tll3VI2UntHa4vk+PN8+/fZUHxUd3ojVrl:N9t/33sw4vkC8+/fUUdQ

Score

10^/10

asyncrat system guard runtime rat

Malware Config

Extracted

Family

asyncrat

Version

0.5.7B

Botnet

System Guard Runtime

C2

85.105.88.221:2531

Mutex

System Guard Runtime

Attributes

delay
3
install
false
install_file
System Guard Runtime
install_folder
%AppData%

aes.plain

Targets

- Target
  
  1c3703e6a606a118618df7103ff5688021d20768c90f5d5fc8401a13797f367c
- Size
  
  5KB
- MD5
  
  62bdf784440078b827c9da994a51f08c
- SHA1
  
  a49ddd1891695b59cd5ae63897c08ac997e22aac
- SHA256
  
  1c3703e6a606a118618df7103ff5688021d20768c90f5d5fc8401a13797f367c
- SHA512
  
  a2ab985f5b9b8d0e1c7dfe49597ba9e0325e2d0467156903b040149c258daeff04c59ef1c86ecf95c912980f65ffe35c7794cb5d5a95e165f0ea297ff7dd4acd
- SSDEEP
  
  96:l79tll3VI2UntHa4vk+PN8+/fZUHxUd3ojVrl:N9t/33sw4vkC8+/fUUdQ
Score

10^/10

asyncrat system guard runtime rat
- AsyncRat
  AsyncRAT is designed to remotely monitor and control other computers.
  rat asyncrat
- Async RAT payload
  rat
- Blocklisted process makes network request
- Downloads MZ/PE file
- Executes dropped EXE
- Suspicious use of SetThreadContext
behavioral1

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

asyncratsystem guard runtimerat