asyncrat | c41f14d142a0afb87f747243818ea6838b8d7b000e22cd488d759594e1e2290a | Triage

Sharing

General

Target

Infected.exe
Size

63KB
Sample

230820-y6l6qaag5t
MD5

45e26c322dba6a6eecced041efb55e9b
SHA1

0762521b60d9a56c5a3219e4bbeeffdc3454edba
SHA256

c41f14d142a0afb87f747243818ea6838b8d7b000e22cd488d759594e1e2290a
SHA512

1fd55bc8c8e83bededae62c83010d6a164f6ad29a65839e464d17c67fd1a25a63f9192609c974a467550a93d310a182686b48bc91d00ab3d2f0b22eb9bff5c62
SSDEEP

768:yfLDqQkNP78i3C8A+XOSazcBRL5JTk1+T4KSBGHmDbD/ph0oXR05CuajaSucdpqM:WmNvVdSJYUbdh9RruYucdpqKmY7

Score

10^/10

asyncrat default persistence rat

Malware Config

Extracted

Family

asyncrat

Botnet

Default

C2

Kaught-36793.portmap.host:1194

Kaught-36793.portmap.host:53088

Kaught-53088.portmap.host:1194

Kaught-53088.portmap.host:53088

Mutex

Ι7IEيHCΓΔFשΔHxn1wGx

Attributes

delay
1
install
false
install_folder
%AppData%

aes.plain

Targets

- Target
  
  Infected.exe
- Size
  
  63KB
- MD5
  
  45e26c322dba6a6eecced041efb55e9b
- SHA1
  
  0762521b60d9a56c5a3219e4bbeeffdc3454edba
- SHA256
  
  c41f14d142a0afb87f747243818ea6838b8d7b000e22cd488d759594e1e2290a
- SHA512
  
  1fd55bc8c8e83bededae62c83010d6a164f6ad29a65839e464d17c67fd1a25a63f9192609c974a467550a93d310a182686b48bc91d00ab3d2f0b22eb9bff5c62
- SSDEEP
  
  768:yfLDqQkNP78i3C8A+XOSazcBRL5JTk1+T4KSBGHmDbD/ph0oXR05CuajaSucdpqM:WmNvVdSJYUbdh9RruYucdpqKmY7
Score

10^/10

asyncrat default rat persistence
- AsyncRat
  AsyncRAT is designed to remotely monitor and control other computers written in C#.
  rat asyncrat
- Async RAT payload
  rat
- Modifies Installed Components in the registry
  persistence
- Executes dropped EXE
- Enumerates connected drives
  Attempts to read the root path of hard drives other than the default C: drive.
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Defense Evasion

Modify Registry

Credential Access

Discovery

Peripheral Device Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

ratdefaultasyncrat

behavioral1

asyncratdefaultrat

behavioral2

asyncratdefaultpersistencerat