asyncrat | 15791d65829ba4c6ef16731ce8b9f38035f6138acc584701285ee43b261b56b5 | Triage

Sharing

General

Target

1001e8004955273ef0b530f0f3598230.bin
Size

64KB
Sample

230601-bc7h8sbg88
MD5

3cd81ee3f9c7b01c16b6fca961323ef8
SHA1

d08c5dbf836bf36f704623c3b97c5e839f6a4f9e
SHA256

15791d65829ba4c6ef16731ce8b9f38035f6138acc584701285ee43b261b56b5
SHA512

337ab0e8718c64ffa1e1f547da2de0b86c74a309ea1c053acd602c3fb937dab022f2ee2a5cb290d80144b464a01a91b7427011ceb44889f4600790041feeadb6
SSDEEP

1536:k/q4J18BHH0VGtJWscpF2cPmO3kds19ItdgJQRqqNZplH:eq4J1sUGfWNpF2qmOUvdgo9

Score

10^/10

asyncrat default rat

Malware Config

Extracted

Family

asyncrat

Version

| Edit 3LOSH RAT

Botnet

Default

C2

josemonila.ddnsfree.com:8808

Mutex

AsyncMutex_6SI8OkPnk

Attributes

delay
3
install
false
install_folder
%AppData%

aes.plain

Targets

- Target
  
  d41166f1c8bbd3c6bbac0f5c96c4dc867d501c3ce5aeb056686ffa28652facef.unknown
- Size
  
  234KB
- MD5
  
  1001e8004955273ef0b530f0f3598230
- SHA1
  
  6970e6cd0ab07c90cf2024bbe0e25292e78f7740
- SHA256
  
  d41166f1c8bbd3c6bbac0f5c96c4dc867d501c3ce5aeb056686ffa28652facef
- SHA512
  
  b1151c858274bcaba6d48ea71851d2a088d2b7758e1e7e85a45a011702d7cc59afec75a641474aad6c61f0194c2c7362ef577c49fe30d731591a24e6bf0587b7
- SSDEEP
  
  3072:usF+Uv1vZCUC+QIiX6Sy7PyHcts315h3ApS5C:zFu+QIiX6j7PyHl315h3Apv
Score

10^/10

asyncrat default rat
- AsyncRat
  AsyncRAT is designed to remotely monitor and control other computers written in C#.
  rat asyncrat
- Async RAT payload
  rat
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Scheduled Task

Persistence

Scheduled Task

Privilege Escalation

Scheduled Task

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

behavioral2

asyncratdefaultrat