asyncrat | 99ef5cdcc8d4101b45c724b59f9cd8c3cad9ca4b224d25fc9701b795b9939ceb | Triage

Sharing

General

Target

99ef5cdcc8d4101b45c724b59f9cd8c3cad9ca4b224d25fc9701b795b9939ceb
Size

623KB
Sample

230129-1bhadseh6s
MD5

7c96849ae4903afd6f8d853458cb1f59
SHA1

961806408c4be9d2d826b0665cba46e86dfc5c6a
SHA256

99ef5cdcc8d4101b45c724b59f9cd8c3cad9ca4b224d25fc9701b795b9939ceb
SHA512

18f33913b76737b302f9ce0d9c6925ab9a0c0c2ab5ef9f6c5b9fa220bbec7e78036c2ba4ccff62c7420e4ef9ba5228f30c163256a2849f16d0690ad5820a02dd
SSDEEP

12288:0JM7K/6xFVdY/r29tDIVmz/Oee0F0q5jGLH6+usB:uXCxFVdY68VE/OX0RFCHa8

Score

10^/10

asyncrat default rat

Malware Config

Extracted

Family

asyncrat

Version

0.5.7B

Botnet

Default

C2

127.0.0.1:6606

127.0.0.1:7707

127.0.0.1:59588

127.0.0.1:8808

mr7bashbab.ddns.net:6606

mr7bashbab.ddns.net:7707

mr7bashbab.ddns.net:59588

mr7bashbab.ddns.net:8808

Mutex

AsyncMutex_6SI8OkPnk

Attributes

delay
3
install
true
install_file
System.exe
install_folder
%AppData%

aes.plain

Targets

- Target
  
  99ef5cdcc8d4101b45c724b59f9cd8c3cad9ca4b224d25fc9701b795b9939ceb
- Size
  
  623KB
- MD5
  
  7c96849ae4903afd6f8d853458cb1f59
- SHA1
  
  961806408c4be9d2d826b0665cba46e86dfc5c6a
- SHA256
  
  99ef5cdcc8d4101b45c724b59f9cd8c3cad9ca4b224d25fc9701b795b9939ceb
- SHA512
  
  18f33913b76737b302f9ce0d9c6925ab9a0c0c2ab5ef9f6c5b9fa220bbec7e78036c2ba4ccff62c7420e4ef9ba5228f30c163256a2849f16d0690ad5820a02dd
- SSDEEP
  
  12288:0JM7K/6xFVdY/r29tDIVmz/Oee0F0q5jGLH6+usB:uXCxFVdY68VE/OX0RFCHa8
Score

10^/10

asyncrat default rat
- AsyncRat
  AsyncRAT is designed to remotely monitor and control other computers.
  rat asyncrat
- Async RAT payload
  rat
- Executes dropped EXE
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Loads dropped DLL
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Scheduled Task

Persistence

Scheduled Task

Privilege Escalation

Scheduled Task

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

asyncratdefaultrat

behavioral2