asyncrat | 0f9616033c3e2c3df40e50ccf9cbe8ffb0954569acb29f9bfb5e18d7c431254d | Triage

Sharing

General

Target

0f9616033c3e2c3df40e50ccf9cbe8ffb0954569acb29f9bfb5e18d7c431254d
Size

87KB
Sample

230317-hqj4esgg21
MD5

1cf38074d1eec7ff196912f6b2d8c0c1
SHA1

858c4fbf7be9b57538439ce6b9c69d92803d4719
SHA256

0f9616033c3e2c3df40e50ccf9cbe8ffb0954569acb29f9bfb5e18d7c431254d
SHA512

399d4feb12714442b7f7992bee741e26c0573f65df197ffb88ccc5a069d559b3c22907d5c40194d594db67e83ab7bdf751d500eadc58cd0eb1dbb21fc26a48db
SSDEEP

1536:qgboTbL7aqSsvPCMjZHjmP8ibPFhFFbgoq1Pb3phQVvshbg+25gcp:qguf7aqSNeZHMVLbgoq1Pb3phQVvshb0

Score

10^/10

asyncrat defendersmartscren persistence rat

Malware Config

Extracted

Family

asyncrat

Version

0.5.7B

Botnet

DefenderSmartScren

C2

217.64.31.3:8437

Mutex

DefenderSmartScren

Attributes

delay
3
install
false
install_file
SecurityHealtheurvice.exe
install_folder
%AppData%

aes.plain

Targets

- Target
  
  0f9616033c3e2c3df40e50ccf9cbe8ffb0954569acb29f9bfb5e18d7c431254d
- Size
  
  87KB
- MD5
  
  1cf38074d1eec7ff196912f6b2d8c0c1
- SHA1
  
  858c4fbf7be9b57538439ce6b9c69d92803d4719
- SHA256
  
  0f9616033c3e2c3df40e50ccf9cbe8ffb0954569acb29f9bfb5e18d7c431254d
- SHA512
  
  399d4feb12714442b7f7992bee741e26c0573f65df197ffb88ccc5a069d559b3c22907d5c40194d594db67e83ab7bdf751d500eadc58cd0eb1dbb21fc26a48db
- SSDEEP
  
  1536:qgboTbL7aqSsvPCMjZHjmP8ibPFhFFbgoq1Pb3phQVvshbg+25gcp:qguf7aqSNeZHMVLbgoq1Pb3phQVvshb0
Score

10^/10

asyncrat defendersmartscren persistence rat
- AsyncRat
  AsyncRAT is designed to remotely monitor and control other computers written in C#.
  rat asyncrat
- Async RAT payload
  rat
- Adds Run key to start application
  persistence
- Suspicious use of SetThreadContext
behavioral1

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Scheduled Task

Persistence

Registry Run Keys / Startup Folder

Scheduled Task

Privilege Escalation

Scheduled Task

Defense Evasion

Modify Registry

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

asyncratdefendersmartscrenpersistencerat