asyncrat | 7dd1b9c77b656ecbff01099deec50c1c65a19168fa1314869fca22f3193f6d07 | Triage

Sharing

General

Target

7dd1b9c77b656ecbff01099deec50c1c65a19168fa1314869fca22f3193f6d07
Size

4.4MB
Sample

230212-vl8bnsfc74
MD5

b9182a18d285439d5a8f54e43acf7ed0
SHA1

6bdb5cb62375d0defb52426fd55f1e73ade3a9a9
SHA256

7dd1b9c77b656ecbff01099deec50c1c65a19168fa1314869fca22f3193f6d07
SHA512

7f0007306704cddff6070d90b44fd737a458b2169a9e5cba5cce25c1d63de51973b063600fe482b9c51470d9856a82d88b4a7ad9869499fa27169c83b5e1463f
SSDEEP

98304:AyXPoKTkGvDygM1dqd4gCNMTcrSahyeCKWkxla:Pzv2P1gx8tc50xk

Score

10^/10

asyncrat 默认 rat

Malware Config

Extracted

Family

asyncrat

Version

萝莉控

Botnet

默认

C2

cn-gx-plc-1.openfrp.top:25565

cn-gx-plc-1.openfrp.top:48454

Mutex

火绒远程管理

Attributes

delay
1
install
true
install_file
Windows Updata.exe
install_folder
%AppData%

aes.plain

Targets

- Target
  
  7dd1b9c77b656ecbff01099deec50c1c65a19168fa1314869fca22f3193f6d07
- Size
  
  4.4MB
- MD5
  
  b9182a18d285439d5a8f54e43acf7ed0
- SHA1
  
  6bdb5cb62375d0defb52426fd55f1e73ade3a9a9
- SHA256
  
  7dd1b9c77b656ecbff01099deec50c1c65a19168fa1314869fca22f3193f6d07
- SHA512
  
  7f0007306704cddff6070d90b44fd737a458b2169a9e5cba5cce25c1d63de51973b063600fe482b9c51470d9856a82d88b4a7ad9869499fa27169c83b5e1463f
- SSDEEP
  
  98304:AyXPoKTkGvDygM1dqd4gCNMTcrSahyeCKWkxla:Pzv2P1gx8tc50xk
Score

10^/10

asyncrat 默认 rat
- AsyncRat
  AsyncRAT is designed to remotely monitor and control other computers.
  rat asyncrat
- Async RAT payload
  rat
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

asyncrat默认rat

behavioral2