asyncrat | 118088ebdecef31805885de379e8332d7551078d4f3c6c15db52a70b108cbd76 | Triage

Sharing

General

Target

SecuriteInfo.com.Trojan.Win32.Penguish.aqk.2138.32152.exe
Size

19.3MB
Sample

240306-d1xeaabc57
MD5

e29a0e59ee8a40469e3bedfe2612f567
SHA1

2254d7b5bf1524bb1a224875abba9110f7a815f2
SHA256

118088ebdecef31805885de379e8332d7551078d4f3c6c15db52a70b108cbd76
SHA512

9908d67e32bcbd3f2f29c60ca208bfcaf76252e2f63712d1c625e9a36ac378192977ba6f05cbbfb33baa4db7ae4c1686d36dcfa7363b1dbc571ca3ccbef066df
SSDEEP

196608:WwUNEud08Pz1fCmX14ZEErpm5IQPI9UPDlQ/jMiDNR1T7EPPe:Ww2L8+1OEnuyPZO7DREe

Score

10^/10

asyncrat rat

Malware Config

Extracted

Family

asyncrat

Version

0.5.6B

C2

koradon.giize.com:6606

Mutex

vomsklihddikoeyxag

Attributes

delay
5
install
false
install_folder
%AppData%

aes.plain

Targets

- Target
  
  SecuriteInfo.com.Trojan.Win32.Penguish.aqk.2138.32152.exe
- Size
  
  19.3MB
- MD5
  
  e29a0e59ee8a40469e3bedfe2612f567
- SHA1
  
  2254d7b5bf1524bb1a224875abba9110f7a815f2
- SHA256
  
  118088ebdecef31805885de379e8332d7551078d4f3c6c15db52a70b108cbd76
- SHA512
  
  9908d67e32bcbd3f2f29c60ca208bfcaf76252e2f63712d1c625e9a36ac378192977ba6f05cbbfb33baa4db7ae4c1686d36dcfa7363b1dbc571ca3ccbef066df
- SSDEEP
  
  196608:WwUNEud08Pz1fCmX14ZEErpm5IQPI9UPDlQ/jMiDNR1T7EPPe:Ww2L8+1OEnuyPZO7DREe
Score

10^/10

asyncrat rat
- AsyncRat
  AsyncRAT is designed to remotely monitor and control other computers written in C#.
  rat asyncrat
- Executes dropped EXE
- Loads dropped DLL
- Legitimate hosting services abused for malware hosting/C2
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

Subvert Trust Controls

Install Root Certificate

Credential Access

Discovery

System Information Discovery

Lateral Movement

Collection

Command and Control

Web Service

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2