asyncrat | bb9a15bba92d19a61fe169b406e97413753edf0b61ab788020e5a4bab37d765d | Triage

Sharing

Copy URL Twitter E-mail

General

Target

Infected.exe
Size

63KB
Sample

240501-qkewhshg92
MD5

0727e9c3b53bbe194cb3aa5a9e12210c
SHA1

96fad90a9bc619b2f9b3a4236c2f2ce2429a5d60
SHA256

bb9a15bba92d19a61fe169b406e97413753edf0b61ab788020e5a4bab37d765d
SHA512

00a1a45281c92a947f2efb14375b2f5672386e943ee3544e416e3cb8e63eb979429c844ea5bcdbe0ac4cfd947b9c36955231ecde7373d23d684290b010ef9b6f
SSDEEP

768:CmUvnkjXf78dwC8A+XU2azcBRL5JTk1+T4KSBGHmDbD/ph0oXLfWhvkWBUTSusdP:6wXzLdSJYUbdh9LfWWWB/usdpqKmY7

Score

10^/10

asyncrat default evasion ransomware rat trojan

Malware Config

Extracted

Family

asyncrat

Botnet

Default

C2

193.161.193.99:63150

Attributes

delay
1
install
false
install_folder
%AppData%

aes.plain

Targets

- Target
  
  Infected.exe
- Size
  
  63KB
- MD5
  
  0727e9c3b53bbe194cb3aa5a9e12210c
- SHA1
  
  96fad90a9bc619b2f9b3a4236c2f2ce2429a5d60
- SHA256
  
  bb9a15bba92d19a61fe169b406e97413753edf0b61ab788020e5a4bab37d765d
- SHA512
  
  00a1a45281c92a947f2efb14375b2f5672386e943ee3544e416e3cb8e63eb979429c844ea5bcdbe0ac4cfd947b9c36955231ecde7373d23d684290b010ef9b6f
- SSDEEP
  
  768:CmUvnkjXf78dwC8A+XU2azcBRL5JTk1+T4KSBGHmDbD/ph0oXLfWhvkWBUTSusdP:6wXzLdSJYUbdh9LfWWWB/usdpqKmY7
Score

10^/10

asyncrat default evasion ransomware rat trojan
- AsyncRat
  AsyncRAT is designed to remotely monitor and control other computers written in C#.
  rat asyncrat
- Modifies Windows Defender Real-time Protection settings
  evasion trojan
- Renames multiple (1268) files with added filename extension
  This suggests ransomware activity of encrypting all the files on the system.
  ransomware
behavioral1

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Create or Modify System Process

Windows Service

Privilege Escalation

Create or Modify System Process

Windows Service

Defense Evasion

Impair Defenses

Disable or Modify Tools

Modify Registry

Credential Access

Discovery

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

ratdefaultasyncrat

behavioral1

asyncratdefaultevasionransomwarerattrojan