asyncrat | 5414741fc98d932030d23617cd4baacc80b639684bb110729525f1055e75de82 | Triage

Sharing

General

Target

c9d2d5758ea0bc1c82bf466b68fad4ee.bin
Size

1KB
Sample

230324-cpkexadf4t
MD5

5456a53d87fa7303377c08ebe279c454
SHA1

3ed8cac6e92f15b89d3737ceed0363ef76cfa074
SHA256

5414741fc98d932030d23617cd4baacc80b639684bb110729525f1055e75de82
SHA512

aed9ba0c53040958928d17d3ee82d8330e37337ee8afae57a490d0f6714817c65ebf3d6c9096da484a601d1d820e8ae948383bc2d0557d1b161433e1fddb5f92

Score

10^/10

asyncrat cairo persistence rat

Malware Config

Extracted

Family

asyncrat

Version

| Edit 3LOSH RAT

Botnet

Cairo

C2

admincairo.linkpc.net:7707

Mutex

AsyncMutex_move

Attributes

delay
3
install
false
install_folder
%AppData%

aes.plain

Targets

- Target
  
  b2aab26d36c289c0922a8cde64767571c9fec6daa765caee23a9b2c1fe7c0b17.js
- Size
  
  120KB
- MD5
  
  c9d2d5758ea0bc1c82bf466b68fad4ee
- SHA1
  
  30daf976e08feb0ecbb6a10958d09a6e2da2bcf8
- SHA256
  
  b2aab26d36c289c0922a8cde64767571c9fec6daa765caee23a9b2c1fe7c0b17
- SHA512
  
  20f3509e7cb2ebf00e1bd0a91c4fab0981cf8b90cb088abde8da63b36f785471466503edd820acbc033fdc11832ae8e3af3d9d09257f1cd0ac19d28bc0bf983a
- SSDEEP
  
  384:xXWXWXWXWXWXWXWXWXWXWXWXEXWXWXWXWXWXWXWXWXWXWXWX0XWXWXWXWXWXWXWZ:i/dNx
Score

10^/10

asyncrat cairo persistence rat
- AsyncRat
  AsyncRAT is designed to remotely monitor and control other computers written in C#.
  rat asyncrat
- Process spawned unexpected child process
  This typically indicates the parent process was compromised via an exploit or macro.
- Async RAT payload
  rat
- Blocklisted process makes network request
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Registers COM server for autorun
  persistence
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

BITS Jobs

Privilege Escalation

Defense Evasion

BITS Jobs

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

behavioral2

asyncratcairopersistencerat