asyncrat | 6345f66509868dae2d0725f00f3a60034012496142d91ea6d7dcbec3d471538b | Triage

Sharing

Copy URL Twitter E-mail

General

Target

e0295b03a18cadfd2ef555869a013ac5.bin
Size

7.5MB
Sample

240328-dtntkabd26
MD5

e0295b03a18cadfd2ef555869a013ac5
SHA1

548509919e803393656c2d58f993e717d8257888
SHA256

6345f66509868dae2d0725f00f3a60034012496142d91ea6d7dcbec3d471538b
SHA512

b653ae24d76ec1aec023690be35d416748a9001bbaa704e41604b36dfd466a8b24205ec6651feec994188962f501260606613eed2405d51a8339a8bb7ffa0beb
SSDEEP

196608:YHZUcQM99igj59mp3zqwXaTk0nHtRWbpbtsc95t:Y5PeTp3zq7HtRW1Zsy5t

Score

10^/10

asyncrat meowpc persistence rat

Malware Config

Extracted

Family

asyncrat

Version

0.5.7B

Botnet

MeowPC

C2

meowpc-33643.portmap.host:2610

meowpc-33643.portmap.host:33643

Mutex

AsyncMutex_6SI8OkPnk

Attributes

delay
3
install
true
install_file
window.exe
install_folder
%AppData%

aes.plain

Targets

- Target
  
  e0295b03a18cadfd2ef555869a013ac5.bin
- Size
  
  7.5MB
- MD5
  
  e0295b03a18cadfd2ef555869a013ac5
- SHA1
  
  548509919e803393656c2d58f993e717d8257888
- SHA256
  
  6345f66509868dae2d0725f00f3a60034012496142d91ea6d7dcbec3d471538b
- SHA512
  
  b653ae24d76ec1aec023690be35d416748a9001bbaa704e41604b36dfd466a8b24205ec6651feec994188962f501260606613eed2405d51a8339a8bb7ffa0beb
- SSDEEP
  
  196608:YHZUcQM99igj59mp3zqwXaTk0nHtRWbpbtsc95t:Y5PeTp3zq7HtRW1Zsy5t
Score

10^/10

asyncrat meowpc persistence rat
- AsyncRat
  AsyncRAT is designed to remotely monitor and control other computers written in C#.
  rat asyncrat
- Async RAT payload
  rat
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Deletes itself
- Executes dropped EXE
- Loads dropped DLL
- Adds Run key to start application
  persistence
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Scheduled Task/Job

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Scheduled Task/Job

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Scheduled Task/Job

Defense Evasion

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

asyncratmeowpcpersistencerat

behavioral2

asyncratmeowpcpersistencerat