asyncrat | c4928f1e9bccb36765b10f9f4b4800d65f4ea91c8ceb13c6ee4500108da1a543 | Triage

Sharing

General

Target

AsyncClienddt.exe
Size

118KB
Sample

240427-bszhkaha3t
MD5

059ec6fbd20b0b431a48f8760e5e738e
SHA1

62ca3f138a540aee80657cbbfe8cd222c59f9b3c
SHA256

c4928f1e9bccb36765b10f9f4b4800d65f4ea91c8ceb13c6ee4500108da1a543
SHA512

1d7ea52ecffc2dcf7e2377e57c6d427b1f575d83d53f027950d450afa26a1a003d14f2a61cc5f5717508328d3b13d0f703c4967a725f817b258dd0720aba2c3d
SSDEEP

3072:pugwTcIb2VE5G3byxfHDyUWddeI63MD/AY1Jjwqy/kX2580x:pugIKB3bGyUDI63MzAYLEbkXMB

Score

10^/10

asyncrat default rat

Malware Config

Extracted

Family

asyncrat

Version

0.5.8

Botnet

Default

Mutex

nGvA3OOdmtVS

Attributes

delay
3
install
false
install_file
kami.exe
install_folder
%AppData%
pastebin_config
https://pastebin.com/raw/8QYz2mTR

aes.plain

Targets

- Target
  
  AsyncClienddt.exe
- Size
  
  118KB
- MD5
  
  059ec6fbd20b0b431a48f8760e5e738e
- SHA1
  
  62ca3f138a540aee80657cbbfe8cd222c59f9b3c
- SHA256
  
  c4928f1e9bccb36765b10f9f4b4800d65f4ea91c8ceb13c6ee4500108da1a543
- SHA512
  
  1d7ea52ecffc2dcf7e2377e57c6d427b1f575d83d53f027950d450afa26a1a003d14f2a61cc5f5717508328d3b13d0f703c4967a725f817b258dd0720aba2c3d
- SSDEEP
  
  3072:pugwTcIb2VE5G3byxfHDyUWddeI63MD/AY1Jjwqy/kX2580x:pugIKB3bGyUDI63MzAYLEbkXMB
Score

10^/10

asyncrat default rat
- AsyncRat
  AsyncRAT is designed to remotely monitor and control other computers written in C#.
  rat asyncrat
- Legitimate hosting services abused for malware hosting/C2
behavioral1

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Web Service

Impact

Resource Development

Reconnaissance

Tasks

static1

ratdefaultasyncrat

behavioral1

asyncratdefaultrat