asyncrat | cb714a88554c55d7bf123dd8ba8940afe819e9eaaf18fc8a6e2cc404f7af0cd1 | Triage

Sharing

General

Target

cb714a88554c55d7bf123dd8ba8940afe819e9eaaf18fc8a6e2cc404f7af0cd1
Size

312KB
Sample

221129-kft7race35
MD5

e807896c804f70ab207bc75bf293d9bb
SHA1

d16108b1bc2d3e936f8f30ae897d38c1a4cdaf1e
SHA256

cb714a88554c55d7bf123dd8ba8940afe819e9eaaf18fc8a6e2cc404f7af0cd1
SHA512

0c7e370978fd1aa12f7f1ae5d3ce0bd52aa03ce2ab81017baef830b4c8d5b47357b37e12db79747d763826f1bec2f907eac5eaf3281a2b3274c0f2e15bd96651
SSDEEP

6144:G9In5IRkTy7AfhhNNB4qjmhKV6oWfoSEtu1itWpNSn40X8tgrsu5:tiRkrJhNNBFjmsh2oSsWpNRLu5

Score

10^/10

asyncrat default persistence rat

Malware Config

Extracted

Family

asyncrat

Version

1.0.7

Botnet

Default

C2

mnbvclhg.duckdns.org:8026

Mutex

DcRatMutex_qwqdanchun

Attributes

delay
1
install
false
install_folder
%AppData%

aes.plain

Targets

- Target
  
  cb714a88554c55d7bf123dd8ba8940afe819e9eaaf18fc8a6e2cc404f7af0cd1
- Size
  
  312KB
- MD5
  
  e807896c804f70ab207bc75bf293d9bb
- SHA1
  
  d16108b1bc2d3e936f8f30ae897d38c1a4cdaf1e
- SHA256
  
  cb714a88554c55d7bf123dd8ba8940afe819e9eaaf18fc8a6e2cc404f7af0cd1
- SHA512
  
  0c7e370978fd1aa12f7f1ae5d3ce0bd52aa03ce2ab81017baef830b4c8d5b47357b37e12db79747d763826f1bec2f907eac5eaf3281a2b3274c0f2e15bd96651
- SSDEEP
  
  6144:G9In5IRkTy7AfhhNNB4qjmhKV6oWfoSEtu1itWpNSn40X8tgrsu5:tiRkrJhNNBFjmsh2oSsWpNRLu5
Score

10^/10

asyncrat default persistence rat
- AsyncRat
  AsyncRAT is designed to remotely monitor and control other computers.
  rat asyncrat
- Async RAT payload
  rat
- Adds Run key to start application
  persistence
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

asyncratdefaultpersistencerat

behavioral2

asyncratdefaultpersistencerat