asyncrat | 6fe1abce3bd85556518ec941c17b9e7972dde63a034a455c116284667566ab3d | Triage

Sharing

General

Target

1d82cafa1d48a17a158999bd284d46d0_NeikiAnalytics.exe
Size

753KB
Sample

240518-23frbach2w
MD5

1d82cafa1d48a17a158999bd284d46d0
SHA1

c8a466b52ad49afdfd5c6a2b4f6f5abf169555ea
SHA256

6fe1abce3bd85556518ec941c17b9e7972dde63a034a455c116284667566ab3d
SHA512

8388486dc73ae18f24b0d3848ad244f3dab392b45db0310bcf60edf96fb343fd9d53535cf4f6b7edfcce11d6cd77c0078590917e687359dec709b369416c1b74
SSDEEP

6144:T278WavqCe0B9E7RCK/NeKc+bvonl7QsIAVHSuhz4ULDJIveEtONRnvy:T278WYHebk0eKcDnfhBqANRnvy

Score

10^/10

asyncrat default rat

Malware Config

Extracted

Family

asyncrat

Botnet

Default

C2

mexico-aviation.gl.at.ply.gg:49156

Attributes

delay
1
install
true
install_file
chrome.exe
install_folder
%AppData%

aes.plain

Targets

- Target
  
  1d82cafa1d48a17a158999bd284d46d0_NeikiAnalytics.exe
- Size
  
  753KB
- MD5
  
  1d82cafa1d48a17a158999bd284d46d0
- SHA1
  
  c8a466b52ad49afdfd5c6a2b4f6f5abf169555ea
- SHA256
  
  6fe1abce3bd85556518ec941c17b9e7972dde63a034a455c116284667566ab3d
- SHA512
  
  8388486dc73ae18f24b0d3848ad244f3dab392b45db0310bcf60edf96fb343fd9d53535cf4f6b7edfcce11d6cd77c0078590917e687359dec709b369416c1b74
- SSDEEP
  
  6144:T278WavqCe0B9E7RCK/NeKc+bvonl7QsIAVHSuhz4ULDJIveEtONRnvy:T278WYHebk0eKcDnfhBqANRnvy
Score

10^/10

asyncrat default rat
- AsyncRat
  AsyncRAT is designed to remotely monitor and control other computers written in C#.
  rat asyncrat
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

asyncratdefaultrat

behavioral2

asyncratdefaultrat