asyncrat | fe3ecc8083863bdabe36d78b083c191f974a2a54ccc246baa3e7715bc2fc1913 | Triage

Sharing

General

Target

viewn.bat
Size

289B
Sample

230221-bp32ksfa7v
MD5

d0199e962da6ddb7ef820976f6305cfb
SHA1

a242dfb8a7cb5bc28c5b291ce898997d4bb4b645
SHA256

fe3ecc8083863bdabe36d78b083c191f974a2a54ccc246baa3e7715bc2fc1913
SHA512

53b6ada79d72ef82e73d696a10733845d34a072528075a4609c492a1cc1bbb3afbebbf7ecc2cd05f10835303362326f4b72e0fef5f2ee0cb8488ee99a6f08276

Score

10^/10

asyncrat default persistence rat

Malware Config

Extracted

Family

asyncrat

Version

0.5.7B

Botnet

Default

C2

95.216.102.32:6606

95.216.102.32:7707

95.216.102.32:8808

Mutex

AsyncMutex_6SI8OkPnk

Attributes

delay
3
install
false
install_folder
%AppData%

aes.plain

Targets

- Target
  
  viewn.bat
- Size
  
  289B
- MD5
  
  d0199e962da6ddb7ef820976f6305cfb
- SHA1
  
  a242dfb8a7cb5bc28c5b291ce898997d4bb4b645
- SHA256
  
  fe3ecc8083863bdabe36d78b083c191f974a2a54ccc246baa3e7715bc2fc1913
- SHA512
  
  53b6ada79d72ef82e73d696a10733845d34a072528075a4609c492a1cc1bbb3afbebbf7ecc2cd05f10835303362326f4b72e0fef5f2ee0cb8488ee99a6f08276
Score

10^/10

asyncrat default persistence rat
- AsyncRat
  AsyncRAT is designed to remotely monitor and control other computers.
  rat asyncrat
- Suspicious use of NtCreateUserProcessOtherParentProcess
- Async RAT payload
  rat
- Blocklisted process makes network request
- Drops startup file
- Executes dropped EXE
- Adds Run key to start application
  persistence
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

Hidden Files and Directories

Privilege Escalation

Defense Evasion

Modify Registry

Hidden Files and Directories

Credential Access

Discovery

System Information Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

asyncratdefaultpersistencerat

behavioral2