asyncrat | c83bb3ba68f3f4fde63abea1a95a89566c4a8b75bac40d47b8733a1dac0d1658 | Triage

Sharing

General

Target

service.exe
Size

283KB
Sample

230317-g2zgtaee77
MD5

c801ed2ca1f4f204ca5d28a6ab366949
SHA1

781f35df9b44560982623ef0259a05fbf99b8fcc
SHA256

c83bb3ba68f3f4fde63abea1a95a89566c4a8b75bac40d47b8733a1dac0d1658
SHA512

2d910f09aaeaf0ad6e769f5148ce61f4d284468da1f109434602e2e4c7ddd567d41cd6dae95aba72133dc77fcf35d9814be6c645d05f40d8268ab9036adce45b
SSDEEP

6144:7gZiAEAO0sByNsAal3gVAWgS7/OhwjKfqZr:7gZXEAO/BUdG3gVdt7KnfqZr

Score

10^/10

asyncrat default evasion rat

Malware Config

Extracted

Language

ps1

Source

URLs

exe.dropper

https://pastebin.com/raw/vNcCt60A

Extracted

Family

asyncrat

Version

0.5.7B

Botnet

Default

Mutex

Mutex

Attributes

delay
3
install
false
install_folder
%AppData%
pastebin_config
https://pastebin.com/raw/s14cUU5G

aes.plain

Targets

- Target
  
  service.exe
- Size
  
  283KB
- MD5
  
  c801ed2ca1f4f204ca5d28a6ab366949
- SHA1
  
  781f35df9b44560982623ef0259a05fbf99b8fcc
- SHA256
  
  c83bb3ba68f3f4fde63abea1a95a89566c4a8b75bac40d47b8733a1dac0d1658
- SHA512
  
  2d910f09aaeaf0ad6e769f5148ce61f4d284468da1f109434602e2e4c7ddd567d41cd6dae95aba72133dc77fcf35d9814be6c645d05f40d8268ab9036adce45b
- SSDEEP
  
  6144:7gZiAEAO0sByNsAal3gVAWgS7/OhwjKfqZr:7gZXEAO/BUdG3gVdt7KnfqZr
Score

10^/10

asyncrat default evasion rat
- AsyncRat
  AsyncRAT is designed to remotely monitor and control other computers written in C#.
  rat asyncrat
- Async RAT payload
  rat
- Blocklisted process makes network request
- Downloads MZ/PE file
- Sets file to hidden
  Modifies file attributes to stop it showing in Explorer etc.
  evasion
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Drops startup file
- Executes dropped EXE
- Legitimate hosting services abused for malware hosting/C2
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Hidden Files and Directories

Privilege Escalation

Defense Evasion

Hidden Files and Directories

Web Service

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Web Service

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2

asyncratdefaultevasionrat