asyncrat | 6d96369f6db259db2935944db579b7aea9b9da92543298491cb8a73a296609a3 | Triage

Sharing

General

Target

b.png
Size

238KB
Sample

221206-r9cccsbe6y
MD5

6e91be6c47db5fd6a0d0db5f52cff024
SHA1

d2a2f20942877a32847e249c626ccc4d1471b4de
SHA256

6d96369f6db259db2935944db579b7aea9b9da92543298491cb8a73a296609a3
SHA512

97320a55c3dd285d2a848b5a87cb1f31104c9a2c81bf0efdac974f4f399263cec6e241803cb13afde9bb4c8bc920181f1b619b95cf523dcbe928b6ec9a2d964d
SSDEEP

3072:tJKMWXWQN8gnKRJmZzD373ApJpMi8RzZWdV:tEMWXWQN8UKROzD373ApJpMzFZWdV

Score

10^/10

asyncrat default rat

Malware Config

Extracted

Family

asyncrat

Version

| Edit 3LOSH RAT

Botnet

Default

C2

nasori.ddnsfree.com:6666

Mutex

AsyncMutex_6SI8OkPnk

Attributes

delay
3
install
false
install_folder
%AppData%

aes.plain

Targets

- Target
  
  b.png
- Size
  
  238KB
- MD5
  
  6e91be6c47db5fd6a0d0db5f52cff024
- SHA1
  
  d2a2f20942877a32847e249c626ccc4d1471b4de
- SHA256
  
  6d96369f6db259db2935944db579b7aea9b9da92543298491cb8a73a296609a3
- SHA512
  
  97320a55c3dd285d2a848b5a87cb1f31104c9a2c81bf0efdac974f4f399263cec6e241803cb13afde9bb4c8bc920181f1b619b95cf523dcbe928b6ec9a2d964d
- SSDEEP
  
  3072:tJKMWXWQN8gnKRJmZzD373ApJpMi8RzZWdV:tEMWXWQN8UKROzD373ApJpMzFZWdV
Score

10^/10

asyncrat default rat
- AsyncRat
  AsyncRAT is designed to remotely monitor and control other computers.
  rat asyncrat
- Async RAT payload
  rat
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

behavioral2

asyncratdefaultrat