asyncrat | 68be8b0ee5b439ad9a32edd7e202ad818efd9ed0fb1e53777d81ae90248fe5fd | Triage

Sharing

General

Target

68be8b0ee5b439ad9a32edd7e202ad818efd9ed0fb1e53777d81ae90248fe5fd
Size

109KB
Sample

221130-p16hqsed7x
MD5

541c6da40f1e4f938b8b05ad013ccd0c
SHA1

43192e28088709d41205d2db0a17c56c14c9ef93
SHA256

68be8b0ee5b439ad9a32edd7e202ad818efd9ed0fb1e53777d81ae90248fe5fd
SHA512

1f78b99b010091cfe416bf66fb6d59b1ee175cc14cd7a23cdf0381b806cc19120116c6f422bf627d7f308fe0d27a2fb940a09af2d99c1779e839e0f300a8a664
SSDEEP

3072:V4ot1B4/W24x2pjFQOtChgEKbLP1vteRxX:qot1i/N40puOtChgEKbLP1

Score

10^/10

asyncrat 01febrero persistence rat

Malware Config

Extracted

Family

asyncrat

Version

0.5.7B

Botnet

01FEBRERO

C2

async2020.duckdns.org:7783

async2021.duckdns.org:7783

Mutex

MUTEX3095590234NDFALKD

Attributes

delay
3
install
false
install_file
realvnc.exe
install_folder
%AppData%

aes.plain

Targets

- Target
  
  68be8b0ee5b439ad9a32edd7e202ad818efd9ed0fb1e53777d81ae90248fe5fd
- Size
  
  109KB
- MD5
  
  541c6da40f1e4f938b8b05ad013ccd0c
- SHA1
  
  43192e28088709d41205d2db0a17c56c14c9ef93
- SHA256
  
  68be8b0ee5b439ad9a32edd7e202ad818efd9ed0fb1e53777d81ae90248fe5fd
- SHA512
  
  1f78b99b010091cfe416bf66fb6d59b1ee175cc14cd7a23cdf0381b806cc19120116c6f422bf627d7f308fe0d27a2fb940a09af2d99c1779e839e0f300a8a664
- SSDEEP
  
  3072:V4ot1B4/W24x2pjFQOtChgEKbLP1vteRxX:qot1i/N40puOtChgEKbLP1
Score

10^/10

asyncrat 01febrero persistence rat
- AsyncRat
  AsyncRAT is designed to remotely monitor and control other computers.
  rat asyncrat
- Async RAT payload
  rat
- Adds Run key to start application
  persistence
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

asyncrat01febreropersistencerat

behavioral2