asyncrat | da5eb5bceeb347021b50d99bbc43ded3e72f4ede42ee3133f9070a1bc2403581 | Triage

Submit
Reports

Overview

overview

Static

static

915218971d...f6.exe

windows7-x64

915218971d...f6.exe

windows10-2004-x64

Sharing

General

Target

a47355c5131e669569fd038d40ec3b30.bin
Size

520KB
Sample

230131-kwcbwahd91
MD5

8fd7fbae63c13eb458ac37eaf5da7fee
SHA1

3d739f10751e0f2c6e6acf8aafb0a767f145816e
SHA256

da5eb5bceeb347021b50d99bbc43ded3e72f4ede42ee3133f9070a1bc2403581
SHA512

ed67a4e8f48215dcd64dab49b9a1f42a7933f64e0076fb2e8085386f94c652dd43dc4187461d59d6aa07a58dc352d811f3bcc124e1c8a5569b0a07c3bd5b8adb
SSDEEP

12288:nhezGc48gRpK0Iin+uZqzzR/JDHJ7MppSa:nheRLcpZIinwzXDSpb

Score

10^/10

asyncrat default rat

Static task

static1

Behavioral task

behavioral1

Sample

915218971d799dd8d84bcf104a727d40f5bea6456ea20d93d97bcd9e771dabf6.exe

Resource

win7-20221111-en

asyncrat default rat

windows7-x64

8 signatures

150 seconds

Behavioral task

behavioral2

Sample

915218971d799dd8d84bcf104a727d40f5bea6456ea20d93d97bcd9e771dabf6.exe

Resource

win10v2004-20220812-en

asyncrat default rat

windows10-2004-x64

9 signatures

150 seconds

Malware Config

Extracted

Family

asyncrat

Version

0.5.7B

Botnet

Default

C2

192.3.193.136:2023

Mutex

AsyncMutex_6SI8OkPnk

Attributes

delay
3
install
false
install_folder
%AppData%

aes.plain

Targets

- Target
  
  915218971d799dd8d84bcf104a727d40f5bea6456ea20d93d97bcd9e771dabf6.exe
- Size
  
  550KB
- MD5
  
  a47355c5131e669569fd038d40ec3b30
- SHA1
  
  5c8069a1ee5a606b8c8614606e63c73abaf9d20b
- SHA256
  
  915218971d799dd8d84bcf104a727d40f5bea6456ea20d93d97bcd9e771dabf6
- SHA512
  
  6bad6ee4e622273fd67d369a27e8f25cffbc5e38587345cb93597ade4c58225de8245d31cf30edd6a17616b75d5d05c6e8497d4687e0a5d1ea647568bfc81a0f
- SSDEEP
  
  12288:Is7nq0Xp2iNUWgMlSYtz8L6guw4YXxtaXryOxRNAeINEFgvMIr:31bfoL342xta3N6
Score

10^/10

asyncrat default rat
- AsyncRat
  AsyncRAT is designed to remotely monitor and control other computers.
  rat asyncrat
- Async RAT payload
  rat
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Scheduled Task

Persistence

Scheduled Task

Privilege Escalation

Scheduled Task

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

asyncratdefaultrat

behavioral2

asyncratdefaultrat

© 2018-2024

Terms | Privacy