asyncrat | 38bc5a446e6cbfd8719867dbb1107e2bac10a6cafab57f2b6b3524375209fe76 | Triage

Sharing

General

Target

38bc5a446e6cbfd8719867dbb1107e2bac10a6cafab57f2b6b3524375209fe76
Size

192KB
Sample

221207-nnapvsce54
MD5

3246acde7d64ed7e91abb238cf23f212
SHA1

66bc8ebce42692ea61ccae7ca3dfced83ea0b5f0
SHA256

38bc5a446e6cbfd8719867dbb1107e2bac10a6cafab57f2b6b3524375209fe76
SHA512

2edf167585d8713f89c4ac4276893711d4cce5d593ef74d9db1f13e81dea3f2ee7cfbf44a1d5d3558c01564c69afbc997367f0e498c27d3aa4d1b98badd2bebc
SSDEEP

3072:8Ay/OIASkWdW8Z1OYlP0tguw7VZ7F7dzwQS+tjOUobT5FQJgIPHNPYX+IMYp:8AgxnkYJegu2NJf7jsb1FQSIPHNPYX+U

Score

10^/10

asyncrat default rat

Malware Config

Extracted

Family

asyncrat

Version

0.5.7B

Botnet

Default

C2

chinasea.duckdns.org:5201

Mutex

AsyncMutex_6SI8OkPnk

Attributes

delay
3
install
false
install_folder
%AppData%

aes.plain

Targets

- Target
  
  38bc5a446e6cbfd8719867dbb1107e2bac10a6cafab57f2b6b3524375209fe76
- Size
  
  192KB
- MD5
  
  3246acde7d64ed7e91abb238cf23f212
- SHA1
  
  66bc8ebce42692ea61ccae7ca3dfced83ea0b5f0
- SHA256
  
  38bc5a446e6cbfd8719867dbb1107e2bac10a6cafab57f2b6b3524375209fe76
- SHA512
  
  2edf167585d8713f89c4ac4276893711d4cce5d593ef74d9db1f13e81dea3f2ee7cfbf44a1d5d3558c01564c69afbc997367f0e498c27d3aa4d1b98badd2bebc
- SSDEEP
  
  3072:8Ay/OIASkWdW8Z1OYlP0tguw7VZ7F7dzwQS+tjOUobT5FQJgIPHNPYX+IMYp:8AgxnkYJegu2NJf7jsb1FQSIPHNPYX+U
Score

10^/10

asyncrat default rat
- AsyncRat
  AsyncRAT is designed to remotely monitor and control other computers.
  rat asyncrat
- Async RAT payload
  rat
- Drops startup file
- Suspicious use of SetThreadContext
behavioral1

MITRE ATT&CK Matrix

Tasks

static1

behavioral1

asyncratdefaultrat