asyncrat | 7e1974ea77e2416b2ac75656d1e24da59de0af97815a9e337e4a7cc58f6339a4 | Triage

Sharing

General

Target

7e1974ea77e2416b2ac75656d1e24da59de0af97815a9e337e4a7cc58f6339a4_JC.exe
Size

48KB
Sample

231011-xxs28shg72
MD5

39fb8a8a40c829ac3a4fd5cd6ea473b7
SHA1

5930195043f8a59566d778d15acb31d3c3e5c3a8
SHA256

7e1974ea77e2416b2ac75656d1e24da59de0af97815a9e337e4a7cc58f6339a4
SHA512

e6d3074a3f2c8d474818d1611d36990b4ab9467f5ffe983ef7572414870c2802e2f353aa02579044c7b51e482bac23424bed9767b8fbb0c41ed16dd328b2beaa
SSDEEP

1536:euWk5T1gi29npmgpzmyb+M/oLnOA5UtGhdIR:euWET1gi29pmgpzmyb+/Ld6tI+R

Score

10^/10

asyncrat rust rat

Malware Config

Extracted

Family

asyncrat

Version

0.5.7B

Botnet

Rust

C2

extra-hack.ddns.net:2550

extra-hack.ddns.net:2551

extra-hack.ddns.net:2552

extra-hack.ddns.net:2553

extra-hack.ddns.net:2554

extra-hack.ddns.net:2555

extra-hack.ddns.net:2556

extra-hack.ddns.net:2557

extra-hack.ddns.net:2558

extra-hack.ddns.net:2559

extra-hack.ddns.net:2560

extra-hack.ddns.net:2561

extra-hack.ddns.net:2562

extra-hack.ddns.net:2563

extra-hack.ddns.net:2564

extra-hack.ddns.net:2565

extra-hack.ddns.net:2566

extra-hack.ddns.net:2567

extra-hack.ddns.net:2568

extra-hack.ddns.net:2569

Mutex

j4hy8gsf6w53x4

Attributes

delay
3
install
true
install_file
Realtek HD Audio Universal Service.exe
install_folder
%AppData%

aes.plain

Targets

- Target
  
  7e1974ea77e2416b2ac75656d1e24da59de0af97815a9e337e4a7cc58f6339a4_JC.exe
- Size
  
  48KB
- MD5
  
  39fb8a8a40c829ac3a4fd5cd6ea473b7
- SHA1
  
  5930195043f8a59566d778d15acb31d3c3e5c3a8
- SHA256
  
  7e1974ea77e2416b2ac75656d1e24da59de0af97815a9e337e4a7cc58f6339a4
- SHA512
  
  e6d3074a3f2c8d474818d1611d36990b4ab9467f5ffe983ef7572414870c2802e2f353aa02579044c7b51e482bac23424bed9767b8fbb0c41ed16dd328b2beaa
- SSDEEP
  
  1536:euWk5T1gi29npmgpzmyb+M/oLnOA5UtGhdIR:euWET1gi29pmgpzmyb+/Ld6tI+R
Score

10^/10

asyncrat rust rat
- AsyncRat
  AsyncRAT is designed to remotely monitor and control other computers written in C#.
  rat asyncrat
- Async RAT payload
  rat
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Loads dropped DLL
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Scheduled Task/Job

Persistence

Scheduled Task/Job

Privilege Escalation

Scheduled Task/Job

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

ratrustasyncrat

behavioral1

asyncratrustrat

behavioral2

asyncratrustrat