asyncrat | 00eca3e9f1585ace0fc6923faad233b9b01b3f8da66cc59abbcc8fad4d3f35ad | Triage

Sharing

General

Target

95ba552080033c4c4f8ee4ec1a216a60
Size

674KB
Sample

240212-ae5a8ada5z
MD5

95ba552080033c4c4f8ee4ec1a216a60
SHA1

ae3fcbf804bdeff2d2121925468ea9c7f4e5d986
SHA256

00eca3e9f1585ace0fc6923faad233b9b01b3f8da66cc59abbcc8fad4d3f35ad
SHA512

1ff6e6a47888ab51c4903c977d4567f6f1cdf41e04f129013dda4cefca4a85e3ed949b8ac377b4e613e8afad7d2bda6558660cb2eda4854dfbbc0ee926f2ce8f
SSDEEP

384:obfnd8WP6VRB3u6RfXjM62GWT9CcjHjUJwv+6uhH/4be3EMuQVgo7ZxoP2Q9zZE/:obO

Score

10^/10

asyncrat default rat

Malware Config

Extracted

Family

asyncrat

Version

0.5.7B

Botnet

Default

C2

frankent2021.ddns.net:2455

Mutex

AsyncMutex_6SI8OkPnk

Attributes

delay
3
install
false
install_folder
%AppData%

aes.plain

Targets

- Target
  
  95ba552080033c4c4f8ee4ec1a216a60
- Size
  
  674KB
- MD5
  
  95ba552080033c4c4f8ee4ec1a216a60
- SHA1
  
  ae3fcbf804bdeff2d2121925468ea9c7f4e5d986
- SHA256
  
  00eca3e9f1585ace0fc6923faad233b9b01b3f8da66cc59abbcc8fad4d3f35ad
- SHA512
  
  1ff6e6a47888ab51c4903c977d4567f6f1cdf41e04f129013dda4cefca4a85e3ed949b8ac377b4e613e8afad7d2bda6558660cb2eda4854dfbbc0ee926f2ce8f
- SSDEEP
  
  384:obfnd8WP6VRB3u6RfXjM62GWT9CcjHjUJwv+6uhH/4be3EMuQVgo7ZxoP2Q9zZE/:obO
Score

10^/10

asyncrat default rat
- AsyncRat
  AsyncRAT is designed to remotely monitor and control other computers written in C#.
  rat asyncrat
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Drops startup file
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

asyncratdefaultrat

behavioral2

asyncratdefaultrat