asyncrat

General

Target

9b608fcfcff20713072deb68b58dd218cc10f880b5c85a7903aec99d9471f269
Size

315KB
Sample

221130-vjml7acb3x
MD5

42ffde5af3d66024c0699f14922bb1da
SHA1

b4019d8834f565877ead605a6930e5fdb1bdcfa1
SHA256

9b608fcfcff20713072deb68b58dd218cc10f880b5c85a7903aec99d9471f269
SHA512

cef54ced9dd019f24cd8619e3fd989a8ca146680ffb9b98217941068d79c26a38476d696d2a6c91c69fde70e3b8f25f05c18462682b26486f693c16badcd82fe
SSDEEP

6144:D6xqzHOWLMGBgPcpdrVVsqy3WmSNRbNqfWvC:OxqzHOM/HVVs/3WNbMfWvC

Score

10^/10

Malware Config

Extracted

Family

asyncrat

Version

0.5.7B

Botnet

Default

C2

40.75.8.74:7707

Mutex

AsyncMutex_6SI8OkPnk

Attributes

delay
3
install
false
install_folder
%AppData%

aes.plain

Extracted

Family

asyncrat

Version

0.5.7A

Botnet

Default

C2

23.102.129.234:7707

Mutex

uvkcjjugzqls

Attributes

delay
1
install
false
install_file
svchost.exe
install_folder
%AppData%

aes.plain

Targets

- Target
  
  9b608fcfcff20713072deb68b58dd218cc10f880b5c85a7903aec99d9471f269
- Size
  
  315KB
- MD5
  
  42ffde5af3d66024c0699f14922bb1da
- SHA1
  
  b4019d8834f565877ead605a6930e5fdb1bdcfa1
- SHA256
  
  9b608fcfcff20713072deb68b58dd218cc10f880b5c85a7903aec99d9471f269
- SHA512
  
  cef54ced9dd019f24cd8619e3fd989a8ca146680ffb9b98217941068d79c26a38476d696d2a6c91c69fde70e3b8f25f05c18462682b26486f693c16badcd82fe
- SSDEEP
  
  6144:D6xqzHOWLMGBgPcpdrVVsqy3WmSNRbNqfWvC:OxqzHOM/HVVs/3WNbMfWvC
Score

10^/10

asyncrat default rat
- AsyncRat
  AsyncRAT is designed to remotely monitor and control other computers.
  rat asyncrat
- Async RAT payload
  rat
- Executes dropped EXE
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Loads dropped DLL
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

1

T1012

System Information Discovery

2

T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

Sharing

General

Malware Config

Extracted

Extracted

Targets

Async RAT payload

Executes dropped EXE

Checks computer location settings

Loads dropped DLL

MITRE ATT&CK Matrix ATT&CK v6

Tasks

static1

behavioral1

behavioral2