asyncrat | bb54c9a7ad63b674a1afe299d70c0ac67e399d1b055fee7bda03645ee2ae338e | Triage

Sharing

Copy URL Twitter E-mail

General

Target

bb54c9a7ad63b674a1afe299d70c0ac67e399d1b055fee7bda03645ee2ae338e
Size

5KB
Sample

221225-jaa19abc24
MD5

eff62daebe6a245573c619e4beef2a3a
SHA1

e4de9e23b124e8289f2942b4a5ed6f304330d8cc
SHA256

bb54c9a7ad63b674a1afe299d70c0ac67e399d1b055fee7bda03645ee2ae338e
SHA512

ba9d1d2af417c954ff807e0c30737427d6c7779fbbd35454639aa0526b6e555f4b6e8b0c2d46c76c4a24e092b553f4621794788dccedf3a699d0a437afae43e9
SSDEEP

96:QsTr79hCL1bhycGdH8uaRXtyuvk+1OAYysds9vk+1TbGvvqd3ojOxHrl:Q+X9hCL1bhyc33vksYylvkUb+qdth

Score

10^/10

asyncrat uwuiscomic persistence rat

Malware Config

Extracted

Family

asyncrat

Version

0.5.7B

Botnet

UWUISCOMIC

C2

20.100.196.69:9281

Mutex

UWUISCOMIC

Attributes

delay
3
install
false
install_file
DerenderScuriry
install_folder
%AppData%

aes.plain

Targets

- Target
  
  bb54c9a7ad63b674a1afe299d70c0ac67e399d1b055fee7bda03645ee2ae338e
- Size
  
  5KB
- MD5
  
  eff62daebe6a245573c619e4beef2a3a
- SHA1
  
  e4de9e23b124e8289f2942b4a5ed6f304330d8cc
- SHA256
  
  bb54c9a7ad63b674a1afe299d70c0ac67e399d1b055fee7bda03645ee2ae338e
- SHA512
  
  ba9d1d2af417c954ff807e0c30737427d6c7779fbbd35454639aa0526b6e555f4b6e8b0c2d46c76c4a24e092b553f4621794788dccedf3a699d0a437afae43e9
- SSDEEP
  
  96:QsTr79hCL1bhycGdH8uaRXtyuvk+1OAYysds9vk+1TbGvvqd3ojOxHrl:Q+X9hCL1bhyc33vksYylvkUb+qdth
Score

10^/10

asyncrat uwuiscomic persistence rat
- AsyncRat
  AsyncRAT is designed to remotely monitor and control other computers.
  rat asyncrat
- Async RAT payload
  rat
- Blocklisted process makes network request
- Downloads MZ/PE file
- Executes dropped EXE
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Adds Run key to start application
  persistence
- Suspicious use of SetThreadContext
behavioral1

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Scheduled Task

Persistence

Registry Run Keys / Startup Folder

Scheduled Task

Privilege Escalation

Scheduled Task

Defense Evasion

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

asyncratuwuiscomicpersistencerat