asyncrat | 46b90cce656efe63bc33b585581c2cafd25778f2854a334f0421d219ed17b339 | Triage

Sharing

General

Target

12de70d06ed65680914d061347ac1f95.exe
Size

89KB
Sample

240422-hrha8agg67
MD5

12de70d06ed65680914d061347ac1f95
SHA1

14023e1ed46236cbfb463ddccd6345caa3c14d54
SHA256

46b90cce656efe63bc33b585581c2cafd25778f2854a334f0421d219ed17b339
SHA512

7d6a20b0e9d6c5db0177e08f197f7858aa8000097c5eb2fa7a2b3d2181fefb53760efacd7fcba32d481193eee547162ac22b08b8e8777b68fc1597dec12db67f
SSDEEP

1536:EGjb5BKhaUxo6TRMinLvIbzV6A2SYzEOV4c7rei1:EGjb5IJxZTLnL4aSY4OVDui

Score

10^/10

asyncrat default rat

Malware Config

Extracted

Family

asyncrat

Version

1.0.7

Botnet

Default

C2

103.249.112.118:8848

Mutex

DcRatMutex_qwqdanchun

Attributes

delay
1
install
false
install_folder
%AppData%

aes.plain

Targets

- Target
  
  12de70d06ed65680914d061347ac1f95.exe
- Size
  
  89KB
- MD5
  
  12de70d06ed65680914d061347ac1f95
- SHA1
  
  14023e1ed46236cbfb463ddccd6345caa3c14d54
- SHA256
  
  46b90cce656efe63bc33b585581c2cafd25778f2854a334f0421d219ed17b339
- SHA512
  
  7d6a20b0e9d6c5db0177e08f197f7858aa8000097c5eb2fa7a2b3d2181fefb53760efacd7fcba32d481193eee547162ac22b08b8e8777b68fc1597dec12db67f
- SSDEEP
  
  1536:EGjb5BKhaUxo6TRMinLvIbzV6A2SYzEOV4c7rei1:EGjb5IJxZTLnL4aSY4OVDui
Score

10^/10

asyncrat default rat
- AsyncRat
  AsyncRAT is designed to remotely monitor and control other computers written in C#.
  rat asyncrat
- Downloads MZ/PE file
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Scheduled Task/Job

Persistence

Scheduled Task/Job

Privilege Escalation

Scheduled Task/Job

Defense Evasion

Credential Access

Discovery

Query Registry

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

asyncratdefaultrat

behavioral2

asyncratdefaultrat