asyncrat | d3850a52c492fd7be069cf02e5ca9da6bff3d30fa09b97aa3e9c79979f96d170 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

Cardlock_341121.bat
Size

59KB
Sample

230112-an2lpaeg47
MD5

b65fc5e20e962cbeda85ef448d1fba8e
SHA1

0b592f36e7f1561b5fab4925f37667be7aa1f5ee
SHA256

d3850a52c492fd7be069cf02e5ca9da6bff3d30fa09b97aa3e9c79979f96d170
SHA512

94337e8774e27e20576f06bc6592c021601a2f255d5779271f6aea527cbe969ff16d2cf7e899c60400f80ce50e156d9779764fe4d304c7d3e18fb4d082c5de9e
SSDEEP

1536:npuKFUvT3Hm6gFmMy9j8xC6aXdNBDh+7hGbU+0wFLY:npRUTBgFmzG0DBt+78bU+JFLY

Score

10^/10

asyncrat default rat

Malware Config

Extracted

Family

asyncrat

Version

1.0.7 - modded by last

Botnet

Default

C2

su1d.nerdpol.ovh:8848

Mutex

910301

Attributes

delay
1
install
false
install_folder
%AppData%

aes.plain

Targets

- Target
  
  Cardlock_341121.bat
- Size
  
  59KB
- MD5
  
  b65fc5e20e962cbeda85ef448d1fba8e
- SHA1
  
  0b592f36e7f1561b5fab4925f37667be7aa1f5ee
- SHA256
  
  d3850a52c492fd7be069cf02e5ca9da6bff3d30fa09b97aa3e9c79979f96d170
- SHA512
  
  94337e8774e27e20576f06bc6592c021601a2f255d5779271f6aea527cbe969ff16d2cf7e899c60400f80ce50e156d9779764fe4d304c7d3e18fb4d082c5de9e
- SSDEEP
  
  1536:npuKFUvT3Hm6gFmMy9j8xC6aXdNBDh+7hGbU+0wFLY:npRUTBgFmzG0DBt+78bU+JFLY
Score

10^/10

asyncrat default rat
- AsyncRat
  AsyncRAT is designed to remotely monitor and control other computers.
  rat asyncrat
- Async RAT payload
  rat
- Executes dropped EXE
- Loads dropped DLL
behavioral1 behavioral2 behavioral3

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

asyncratdefaultrat

behavioral2

behavioral3