asyncrat | d9a4a7bcebc50f97043b547d0f9d390ca35888b9e9036f35a6e7593ffc71f5eb | Triage

Sharing

Copy URL Twitter E-mail

General

Target

e26e685d51988b2ae00c8e7a4ef256db.bin
Size

248KB
Sample

230519-cgkeyaee73
MD5

3947496ac0e4b08ce0a33e8e02b3650f
SHA1

abcfbdd917b0af3165ce2b8f8ca09a5d2a5ff492
SHA256

d9a4a7bcebc50f97043b547d0f9d390ca35888b9e9036f35a6e7593ffc71f5eb
SHA512

15faf91cf9cfca2e89787868610f4128bf5d1e74f45f19eedc2fd67fb60d7c1d4fa237c074bb375619f632469d3e4ed16eb119937088c1fb0aa44de4aef7758b
SSDEEP

3072:DQl8IPonacOa6Ai2NQ39XMcJkUmTxGGHhEZ00iHXFI2nERcg3j7fNV8V1RQpUol+:DXa+6AZQ3ZdtmT8GD0mic4jkHRzKeCEd

Score

10^/10

asyncrat may_1 persistence rat

Malware Config

Extracted

Family

asyncrat

Version

| Edit 3LOSH RAT

Botnet

May_1

C2

3llah23.run.place:8808

Mutex

AsyncMutex_6SI850OkPnk

Attributes

delay
3
install
false
install_folder
%AppData%

aes.plain

Targets

- Target
  
  fa9fe798ce4705a1ccbb22f8cb813c84e4abce585413eb7e26f0934443e75dbd.ps1
- Size
  
  689KB
- MD5
  
  e26e685d51988b2ae00c8e7a4ef256db
- SHA1
  
  ba09428d9fdaadcd92a578d12a48dcb61d331856
- SHA256
  
  fa9fe798ce4705a1ccbb22f8cb813c84e4abce585413eb7e26f0934443e75dbd
- SHA512
  
  dc362252519f2637577e4b6fa3bc7df69cfa937fe9eaa78d078bfd24d4ea5b887f90319d1ae918b10c3ec081bcb35a7d436a173cae712d4d6e2f4f8f8af65eef
- SSDEEP
  
  1536:or/BsVwGJ9iOowdWIa/aEgRJWb+pifHNutiQ3JlqmbNNnLRS2EFurYdq7PbAeVh/:N
Score

10^/10

persistence asyncrat may_1 rat
- AsyncRat
  AsyncRAT is designed to remotely monitor and control other computers written in C#.
  rat asyncrat
- Process spawned unexpected child process
  This typically indicates the parent process was compromised via an exploit or macro.
- Async RAT payload
  rat
- Registers COM server for autorun
  persistence
- Drops file in System32 directory
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2

asyncratmay_1persistencerat