asyncrat | 076e4633041a59ad31e39c58b5fe8c3952b5017066cca84251f7eb520cbe88b3 | Triage

Sharing

General

Target

076e4633041a59ad31e39c58b5fe8c3952b5017066cca84251f7eb520cbe88b3
Size

189KB
Sample

221207-nna1mace56
MD5

1e2c77d1cf1de4878730f4eaf567ffda
SHA1

4cf8a5c9ad85972dbb2b63ab65516f4bf2ccebce
SHA256

076e4633041a59ad31e39c58b5fe8c3952b5017066cca84251f7eb520cbe88b3
SHA512

d71ab65908667cdfd103755dac482e4f97666b028d0156116e6ea979b14869178bc392939f33326ef2e484eef417d30d8d840220609c23b3453ca7bfcdf4ee4d
SSDEEP

3072:N+517hT6JMWl6EFnngF7j5qrlcLtWNis/2bvSpsp96/It9X/jV6EhPeqBX:N+DJMUEFCYr6YNis/aSpK3n/jV6uPeqB

Score

10^/10

asyncrat default rat

Malware Config

Extracted

Family

asyncrat

Version

0.5.7B

Botnet

Default

C2

chinasea.duckdns.org:5201

Mutex

AsyncMutex_6SI8OkPnk

Attributes

delay
3
install
false
install_folder
%AppData%

aes.plain

Targets

- Target
  
  076e4633041a59ad31e39c58b5fe8c3952b5017066cca84251f7eb520cbe88b3
- Size
  
  189KB
- MD5
  
  1e2c77d1cf1de4878730f4eaf567ffda
- SHA1
  
  4cf8a5c9ad85972dbb2b63ab65516f4bf2ccebce
- SHA256
  
  076e4633041a59ad31e39c58b5fe8c3952b5017066cca84251f7eb520cbe88b3
- SHA512
  
  d71ab65908667cdfd103755dac482e4f97666b028d0156116e6ea979b14869178bc392939f33326ef2e484eef417d30d8d840220609c23b3453ca7bfcdf4ee4d
- SSDEEP
  
  3072:N+517hT6JMWl6EFnngF7j5qrlcLtWNis/2bvSpsp96/It9X/jV6EhPeqBX:N+DJMUEFCYr6YNis/aSpK3n/jV6uPeqB
Score

10^/10

asyncrat default rat
- AsyncRat
  AsyncRAT is designed to remotely monitor and control other computers.
  rat asyncrat
- Async RAT payload
  rat
- Drops startup file
- Suspicious use of SetThreadContext
behavioral1

MITRE ATT&CK Matrix

Tasks

static1

behavioral1

asyncratdefaultrat