asyncrat | 5c62c4d6d511d2c9cddd9d22762bc6ad0f44d3e3d28648566a333b8790919722 | Triage

Sharing

General

Target

jt4ig5.bat
Size

273KB
Sample

230221-b8kpcafb3z
MD5

5ed6410621bf4ec6f9f7009649be570c
SHA1

485ff0f41394b207d45b4042c7d9be8b404885b7
SHA256

5c62c4d6d511d2c9cddd9d22762bc6ad0f44d3e3d28648566a333b8790919722
SHA512

e27a2b934b5b1b7438cff5dde72f6b4d4a72c21a0d6016caaefc8b04a79a244f154d5781fce5d3e1430ee37562f372560e72b70ad5843f7d879304b1f9553b5d
SSDEEP

6144:K+Hn1UVzVtPs0CpvH04haQ2fGnxOW6y1vAw:K+VUVzVFEpf04h+esWT1x

Score

10^/10

asyncrat default rat

Malware Config

Extracted

Family

asyncrat

Version

0.5.7B

Botnet

Default

C2

95.216.102.32:6606

95.216.102.32:7707

95.216.102.32:8808

Mutex

AsyncMutex_6SI8OkPnk

Attributes

delay
3
install
false
install_folder
%AppData%

aes.plain

Targets

- Target
  
  jt4ig5.bat
- Size
  
  273KB
- MD5
  
  5ed6410621bf4ec6f9f7009649be570c
- SHA1
  
  485ff0f41394b207d45b4042c7d9be8b404885b7
- SHA256
  
  5c62c4d6d511d2c9cddd9d22762bc6ad0f44d3e3d28648566a333b8790919722
- SHA512
  
  e27a2b934b5b1b7438cff5dde72f6b4d4a72c21a0d6016caaefc8b04a79a244f154d5781fce5d3e1430ee37562f372560e72b70ad5843f7d879304b1f9553b5d
- SSDEEP
  
  6144:K+Hn1UVzVtPs0CpvH04haQ2fGnxOW6y1vAw:K+VUVzVFEpf04h+esWT1x
Score

10^/10

asyncrat default rat
- AsyncRat
  AsyncRAT is designed to remotely monitor and control other computers.
  rat asyncrat
- Suspicious use of NtCreateUserProcessOtherParentProcess
- Async RAT payload
  rat
- Executes dropped EXE
- Loads dropped DLL
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Hidden Files and Directories

Privilege Escalation

Defense Evasion

Hidden Files and Directories

Credential Access

Discovery

System Information Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

asyncratdefaultrat

behavioral2