asyncrat | 715c1fbf243cdd37c2e7f5cabe0093c366589ed477c4bb76348936fe26316579 | Triage

Submit
Reports

Overview

overview

Static

static

9a8f8b4491...38.exe

windows7-x64

9a8f8b4491...38.exe

windows10-2004-x64

Sharing

General

Target

9a8f8b44910d4c35a64244354966ce7bdd3bdff9189feee1d8e98b094c855138.zip
Size

84KB
Sample

230321-qphszaae33
MD5

0362d1111cb7d45af5f75d47caa8d6cb
SHA1

78b5a4b964be344aff0b9c026afd4934826e1c8b
SHA256

715c1fbf243cdd37c2e7f5cabe0093c366589ed477c4bb76348936fe26316579
SHA512

2e01853c22f636f88d615afe9a861a0f7b405841995e2dda2db00facf5fe76dff3c4538964041b98ca6f40174400c1a3c26d2e43952c8632b798bb93d81292fd
SSDEEP

1536:FEToUc4d9UKSXRKOdTPXvHupFEa4dU4pr9aNjKrGdAP953gLRmdRN8:e8Uc4nUKSXRR/uLWUUr9AGrbPz3gLO8

Score

10^/10

asyncrat default rat

Static task

static1

rat default asyncrat

2 signatures

Behavioral task

behavioral1

Sample

9a8f8b44910d4c35a64244354966ce7bdd3bdff9189feee1d8e98b094c855138.exe

Resource

win7-20230220-en

asyncrat default rat

windows7-x64

10 signatures

150 seconds

Behavioral task

behavioral2

Sample

9a8f8b44910d4c35a64244354966ce7bdd3bdff9189feee1d8e98b094c855138.exe

Resource

win10v2004-20230221-en

asyncrat default rat

windows10-2004-x64

10 signatures

150 seconds

Malware Config

Extracted

Family

asyncrat

Version

0.5.7B

Botnet

Default

C2

127.0.0.1:6606

127.0.0.1:7707

127.0.0.1:8808

127.0.0.1:1177

jntrojan.ddns.net:6606

jntrojan.ddns.net:7707

jntrojan.ddns.net:8808

jntrojan.ddns.net:1177

Mutex

AsyncMutex_6SI8OkPnk

Attributes

delay
3
install
true
install_file
windows.exe
install_folder
%Temp%

aes.plain

Targets

- Target
  
  9a8f8b44910d4c35a64244354966ce7bdd3bdff9189feee1d8e98b094c855138.exe
- Size
  
  309KB
- MD5
  
  66b5dabec55deb65ac6ecdbb385c9181
- SHA1
  
  8485dc1ecf501916e3850521e81112fccdfaa110
- SHA256
  
  9a8f8b44910d4c35a64244354966ce7bdd3bdff9189feee1d8e98b094c855138
- SHA512
  
  28ff7068f0d8c1d7e0de8a6129d64db7d566868dc93e9bb8ba4de737d11483f8dd52edc6f67799cdf3396109061835bce472a2123477bb9304f1ff902ffdffb8
- SSDEEP
  
  3072:WHuQETR+J2IoYcOXb/CPJDjSIU1dA+h9b3dA2/S1dAK3dA/Sf6CwCPuikC0oXz2T:ouQ1MIPXXbaQIDp5OqfO
Score

10^/10

asyncrat default rat
- AsyncRat
  AsyncRAT is designed to remotely monitor and control other computers written in C#.
  rat asyncrat
- Async RAT payload
  rat
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Loads dropped DLL
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Scheduled Task

Persistence

Scheduled Task

Privilege Escalation

Scheduled Task

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

ratdefaultasyncrat

behavioral1

asyncratdefaultrat

behavioral2

asyncratdefaultrat

© 2018-2024

Terms | Privacy