asyncrat | c5422bb48cf84aec0d630bd24227c42b477be5cdd2957de4aa6d3b7581187c35 | Triage

Sharing

General

Target

b.png
Size

291KB
Sample

221206-pqyedahb99
MD5

8078557221981a8df212716a045e1ef5
SHA1

d6c8b1c4a79730f1fa5875b65d7d6780b2318300
SHA256

c5422bb48cf84aec0d630bd24227c42b477be5cdd2957de4aa6d3b7581187c35
SHA512

1996b38534869f92697edc2ae97d891e465400241444ed5a4d6af944ce04997d549bad2093a2fb57280d440ad93a18156cf23d7deacadb9dcba5120b9f82cd72
SSDEEP

3072:oL1UfzrhJAgGH3zDTp3AptTbQI8Iv1vZoZWdP:ohUfzrhJAgGH3zDTp3AptTMIUZWdP

Score

10^/10

asyncrat default rat

Malware Config

Extracted

Family

asyncrat

Version

| Edit 3LOSH RAT

Botnet

Default

C2

munroe.work.gd:6606

munroe.work.gd:7707

munroe.work.gd:8808

Mutex

AsyncMutex_fuck

Attributes

delay
3
install
false
install_folder
%AppData%

aes.plain

Targets

- Target
  
  b.png
- Size
  
  291KB
- MD5
  
  8078557221981a8df212716a045e1ef5
- SHA1
  
  d6c8b1c4a79730f1fa5875b65d7d6780b2318300
- SHA256
  
  c5422bb48cf84aec0d630bd24227c42b477be5cdd2957de4aa6d3b7581187c35
- SHA512
  
  1996b38534869f92697edc2ae97d891e465400241444ed5a4d6af944ce04997d549bad2093a2fb57280d440ad93a18156cf23d7deacadb9dcba5120b9f82cd72
- SSDEEP
  
  3072:oL1UfzrhJAgGH3zDTp3AptTbQI8Iv1vZoZWdP:ohUfzrhJAgGH3zDTp3AptTMIUZWdP
Score

10^/10

asyncrat default rat
- AsyncRat
  AsyncRAT is designed to remotely monitor and control other computers.
  rat asyncrat
- Async RAT payload
  rat
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Drops file in System32 directory
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Scheduled Task

Persistence

Scheduled Task

Privilege Escalation

Scheduled Task

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

behavioral2

asyncratdefaultrat