asyncrat

General

Target

AsyncClient.bat
Size

63KB
Sample

240507-af4fbace89
MD5

dbce32c8a127cd9a7966fe4a47071071
SHA1

f1866b877b463be6df04dace8bccec70e11ce311
SHA256

79d51a6e1d88225fbdf916f4f608ce53e563440df0b23d5f3ccc3aba1f12d7d5
SHA512

e2165665aa1000a133734a760d78e341053ad0dbd5e904d4a58675167839b758423df8b71e206b1648fc44cb48ecd1c97a853cfac5f4b7b3d443d048d77266c6
SSDEEP

1536:rUqEZ9FzJrPZjPIUNcjvJsS/akFhJYCFyCteszYN:rEjPDTWakjpA0+

Score

10^/10

Malware Config

Extracted

Family

asyncrat

Version

0.5.8

Botnet

RATED

C2

147.185.221.17:25565

147.185.221.17:37531

147.185.221.17:3389

Mutex

Dudee4vQEqBD

Attributes

delay
3
install
false
install_file
Gang.exe
install_folder
%AppData%

aes.plain

Targets

- Target
  
  AsyncClient.bat
- Size
  
  63KB
- MD5
  
  dbce32c8a127cd9a7966fe4a47071071
- SHA1
  
  f1866b877b463be6df04dace8bccec70e11ce311
- SHA256
  
  79d51a6e1d88225fbdf916f4f608ce53e563440df0b23d5f3ccc3aba1f12d7d5
- SHA512
  
  e2165665aa1000a133734a760d78e341053ad0dbd5e904d4a58675167839b758423df8b71e206b1648fc44cb48ecd1c97a853cfac5f4b7b3d443d048d77266c6
- SSDEEP
  
  1536:rUqEZ9FzJrPZjPIUNcjvJsS/akFhJYCFyCteszYN:rEjPDTWakjpA0+
Score

10^/10

execution asyncrat zgrat rated rat
- AsyncRat
  AsyncRAT is designed to remotely monitor and control other computers written in C#.
  rat asyncrat
- Detect ZGRat V1
- ZGRat
  ZGRat is remote access trojan written in C#.
  rat zgrat
- Async RAT payload
  rat
- Blocklisted process makes network request
- Command and Scripting Interpreter: PowerShell
  Run Powershell and hide display window.
  execution
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Command and Scripting Interpreter

1

T1059

PowerShell

1

T1059.001

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

1

T1012

System Information Discovery

1

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

Sharing

General

Malware Config

Extracted

Targets

Detect ZGRat V1

ZGRat

Async RAT payload

Blocklisted process makes network request

Command and Scripting Interpreter: PowerShell

MITRE ATT&CK Enterprise v15

Tasks

static1

behavioral1

behavioral2