asyncrat | d548ff4b3087f7bcf7a83019bef434fe23baef7489c3b92dac45b1ce3e542e5b | Triage

Sharing

General

Target

getrnr.bat
Size

279KB
Sample

240514-km65wshb21
MD5

167bee7350388d8357a2c7b7a67275de
SHA1

15ad2fbb16264b7f595e600ae4319256b8c83153
SHA256

d548ff4b3087f7bcf7a83019bef434fe23baef7489c3b92dac45b1ce3e542e5b
SHA512

3ece3f5a0bf43264cc31f27ecee046f6093e61064683f5d1b3d6d62ec2c7f8ee7a9452869aeb7c636c02b98cf64852797a1581b6f50b7cb04f3e778242c7cf54
SSDEEP

6144:ADe50b7Ynod1bLuUJV5q5oG+2mYKPvlxL32nAel/W:ADe+ftLuo2m1PNvy/W

Score

10^/10

asyncrat default execution rat

Malware Config

Extracted

Family

asyncrat

Version

0.5.8

Botnet

Default

C2

127.0.0.1:6606

127.0.0.1:7707

127.0.0.1:8808

51.195.229.88:6606

51.195.229.88:7707

51.195.229.88:8808

Mutex

RtcMBJiBo8Ns

Attributes

delay
3
install
false
install_folder
%AppData%

aes.plain

Targets

- Target
  
  getrnr.bat
- Size
  
  279KB
- MD5
  
  167bee7350388d8357a2c7b7a67275de
- SHA1
  
  15ad2fbb16264b7f595e600ae4319256b8c83153
- SHA256
  
  d548ff4b3087f7bcf7a83019bef434fe23baef7489c3b92dac45b1ce3e542e5b
- SHA512
  
  3ece3f5a0bf43264cc31f27ecee046f6093e61064683f5d1b3d6d62ec2c7f8ee7a9452869aeb7c636c02b98cf64852797a1581b6f50b7cb04f3e778242c7cf54
- SSDEEP
  
  6144:ADe50b7Ynod1bLuUJV5q5oG+2mYKPvlxL32nAel/W:ADe+ftLuo2m1PNvy/W
Score

10^/10

asyncrat default execution rat
- AsyncRat
  AsyncRAT is designed to remotely monitor and control other computers written in C#.
  rat asyncrat
- Async RAT payload
  rat
- Command and Scripting Interpreter: PowerShell
  Run Powershell and hide display window.
  execution
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Loads dropped DLL
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Command and Scripting Interpreter

PowerShell

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2

asyncratdefaultexecutionrat