asyncrat | bf6bcae7ffd342431c3e51e3e2bf2874fb2f58db414fd71b0a47bbecc7faa343 | Triage

Sharing

General

Target

pp
Size

210KB
Sample

230330-ltwheade7y
MD5

90ada38693288cabfc3be095ef37cb55
SHA1

66c780453c1465bd82a2e50c21ac312eef3299b1
SHA256

bf6bcae7ffd342431c3e51e3e2bf2874fb2f58db414fd71b0a47bbecc7faa343
SHA512

bb0e2ceae71b344afb38bbc45be99374e6dbc5f98ed5d47780bf7fa5a06c64355a74fcc6c076f2d24e8976fd848d7ae4fee686f6e57a6cda61748c5afd00f9db
SSDEEP

3072:3TPTwLhFrOBsc4VsTKkcU/DNv9O9d2rBoOSpG2JeiptowmGcAh3Apq:/wLKpKkcUbNv9OyNodlpowmGcAh3Apq

Score

10^/10

asyncrat ppppp101010 rat

Malware Config

Extracted

Family

asyncrat

Version

| Edit 3LOSH RAT

Botnet

ppppp101010

C2

pop12.linkpc.net:6606

pop12.linkpc.net:7707

pop12.linkpc.net:8808

pop12.linkpc.net:6666

pop12.linkpc.net:555

45.80.158.108:6606

45.80.158.108:7707

45.80.158.108:8808

45.80.158.108:6666

45.80.158.108:555

Mutex

AsyncMutex_6SI8OkPnk

Attributes

delay
3
install
false
install_folder
%AppData%

aes.plain

Targets

- Target
  
  pp
- Size
  
  210KB
- MD5
  
  90ada38693288cabfc3be095ef37cb55
- SHA1
  
  66c780453c1465bd82a2e50c21ac312eef3299b1
- SHA256
  
  bf6bcae7ffd342431c3e51e3e2bf2874fb2f58db414fd71b0a47bbecc7faa343
- SHA512
  
  bb0e2ceae71b344afb38bbc45be99374e6dbc5f98ed5d47780bf7fa5a06c64355a74fcc6c076f2d24e8976fd848d7ae4fee686f6e57a6cda61748c5afd00f9db
- SSDEEP
  
  3072:3TPTwLhFrOBsc4VsTKkcU/DNv9O9d2rBoOSpG2JeiptowmGcAh3Apq:/wLKpKkcUbNv9OyNodlpowmGcAh3Apq
Score

10^/10

asyncrat ppppp101010 rat
- AsyncRat
  AsyncRAT is designed to remotely monitor and control other computers written in C#.
  rat asyncrat
- Async RAT payload
  rat
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix

Tasks

static1

behavioral1

behavioral2

asyncratppppp101010rat