asyncrat | f2966a8cfe58ae57b5af148277ab5419dd21d6d16cc584143f57fa48c5f18319 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

f2966a8cfe58ae57b5af148277ab5419dd21d6d16cc584143f57fa48c5f18319
Size

365KB
Sample

231117-hkp3gshb4z
MD5

e97111354de07b3cdff77ec578cff398
SHA1

c0b7a9a8531a5398cd545908f45e77fd7794fc9c
SHA256

f2966a8cfe58ae57b5af148277ab5419dd21d6d16cc584143f57fa48c5f18319
SHA512

6e103d9ae48bfd8a436fe06693756626ad40e8ce14591977d3d5906b1f8dd0d6257fa0fd1d34511524c0ae0117fdd560ff50f0b183613d82e10b52db935df6c4
SSDEEP

6144:mAT8/Rr1kEa5Rby2r+VRqmtPKJvYFzloDO:jYrWjxXKV0mhovYFzloDO

Score

10^/10

asyncrat default discovery rat

Malware Config

Extracted

Family

asyncrat

Botnet

Default

C2

154.39.254.105:4449

Mutex

zirvzrjwwttezp

Attributes

delay
1
install
false
install_folder
%AppData%

aes.plain

Targets

- Target
  
  f2966a8cfe58ae57b5af148277ab5419dd21d6d16cc584143f57fa48c5f18319
- Size
  
  365KB
- MD5
  
  e97111354de07b3cdff77ec578cff398
- SHA1
  
  c0b7a9a8531a5398cd545908f45e77fd7794fc9c
- SHA256
  
  f2966a8cfe58ae57b5af148277ab5419dd21d6d16cc584143f57fa48c5f18319
- SHA512
  
  6e103d9ae48bfd8a436fe06693756626ad40e8ce14591977d3d5906b1f8dd0d6257fa0fd1d34511524c0ae0117fdd560ff50f0b183613d82e10b52db935df6c4
- SSDEEP
  
  6144:mAT8/Rr1kEa5Rby2r+VRqmtPKJvYFzloDO:jYrWjxXKV0mhovYFzloDO
Score

10^/10

asyncrat default discovery rat
- AsyncRat
  AsyncRAT is designed to remotely monitor and control other computers written in C#.
  rat asyncrat
- Async RAT payload
  rat
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
  discovery
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

asyncratdefaultdiscoveryrat

behavioral2

asyncratdefaultdiscoveryrat