asyncrat | ed68e12c60686d99f0d76e05e2dba12679cb267e3812c568eee02a7c804152c1 | Triage

Sharing

General

Target

Test.exe
Size

36.6MB
Sample

240223-rk9xbsah63
MD5

5c409f380598742b3862f545ea2af8ee
SHA1

922b2ff8fcdb2fe01a0025e8902dd7009f31a41b
SHA256

ed68e12c60686d99f0d76e05e2dba12679cb267e3812c568eee02a7c804152c1
SHA512

5520de63cb069748d00c7815c44b5c61e2ff1bf8dd0160e8536a053d2feae04b0d8c2953920e0b677c7862c9f015157a5fcbca9a7af7af4c934d7c935d095ab9
SSDEEP

786432:+94QtstqClKKdQP2j6+s7LWB75zupy3MGY3YuMHJSKmlh:W4QtIHlKKo2qHWB75iaMGaMYKc

Score

10^/10

asyncrat def pyinstaller rat

Malware Config

Extracted

Family

asyncrat

Version

1.0.7

Botnet

def

C2

37.18.62.18:8060

Mutex

era2312swe12-1213rsgdkms23

Attributes

delay
1
install
true
install_file
CCXProcess.exe
install_folder
%Temp%

aes.plain

Targets

- Target
  
  Test.exe
- Size
  
  36.6MB
- MD5
  
  5c409f380598742b3862f545ea2af8ee
- SHA1
  
  922b2ff8fcdb2fe01a0025e8902dd7009f31a41b
- SHA256
  
  ed68e12c60686d99f0d76e05e2dba12679cb267e3812c568eee02a7c804152c1
- SHA512
  
  5520de63cb069748d00c7815c44b5c61e2ff1bf8dd0160e8536a053d2feae04b0d8c2953920e0b677c7862c9f015157a5fcbca9a7af7af4c934d7c935d095ab9
- SSDEEP
  
  786432:+94QtstqClKKdQP2j6+s7LWB75zupy3MGY3YuMHJSKmlh:W4QtIHlKKo2qHWB75iaMGaMYKc
Score

10^/10

asyncrat def rat
- AsyncRat
  AsyncRAT is designed to remotely monitor and control other computers written in C#.
  rat asyncrat
- Async RAT payload
  rat
- Executes dropped EXE
- Loads dropped DLL
- Legitimate hosting services abused for malware hosting/C2
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Web Service

Impact

Resource Development

Reconnaissance

Tasks

static1

behavioral1

behavioral2