asyncrat | 31d44e6d5f1df017ec8d890e85ee50d3fc3165f802c7f4c68be7e4d61b36b51f | Triage

Submit
Reports

Overview

overview

Static

static

3

31d44e6d5f...1f.exe

windows7-x64

31d44e6d5f...1f.exe

windows10-2004-x64

Sharing

General

Target

31d44e6d5f1df017ec8d890e85ee50d3fc3165f802c7f4c68be7e4d61b36b51f.exe
Size

947KB
Sample

240518-bgbblacf3s
MD5

a573f4115e789e76360f3cbbc99846d7
SHA1

7214cbe099b7d43bda779eec05bb4826f36c16de
SHA256

31d44e6d5f1df017ec8d890e85ee50d3fc3165f802c7f4c68be7e4d61b36b51f
SHA512

a62c61e8d76b8138a23003955f18d61b43e256827bcc93d6c84b51f5bcca3714def666810250388536f027fabef49cc30d22d06eab253713c74e4fe8950cee83
SSDEEP

24576:YwaPp4ar0B90K7rji9f2N38rn+IJ9uoI9H4Wx9K+oJfFMYoMfY6:om90ii9bn+IJ9uoI9H4WK+oJ7w6

Score

10^/10

asyncrat 15 mayo persistence rat

Static task

static1

1 signatures

Behavioral task

behavioral1

Sample

31d44e6d5f1df017ec8d890e85ee50d3fc3165f802c7f4c68be7e4d61b36b51f.exe

Resource

win7-20240221-en

asyncrat 15 mayo persistence rat

windows7-x64

7 signatures

150 seconds

Behavioral task

behavioral2

Sample

31d44e6d5f1df017ec8d890e85ee50d3fc3165f802c7f4c68be7e4d61b36b51f.exe

Resource

win10v2004-20240226-en

asyncrat 15 mayo persistence rat

windows10-2004-x64

7 signatures

150 seconds

Malware Config

Extracted

Family

asyncrat

Version

1.0.7

Botnet

15 MAYO

C2

tueresreydios.duckdns.org:2270

Mutex

DcRatMutex_qwqdanchun

Attributes

delay
1
install
false
install_folder
%AppData%

aes.plain

Targets

- Target
  
  31d44e6d5f1df017ec8d890e85ee50d3fc3165f802c7f4c68be7e4d61b36b51f.exe
- Size
  
  947KB
- MD5
  
  a573f4115e789e76360f3cbbc99846d7
- SHA1
  
  7214cbe099b7d43bda779eec05bb4826f36c16de
- SHA256
  
  31d44e6d5f1df017ec8d890e85ee50d3fc3165f802c7f4c68be7e4d61b36b51f
- SHA512
  
  a62c61e8d76b8138a23003955f18d61b43e256827bcc93d6c84b51f5bcca3714def666810250388536f027fabef49cc30d22d06eab253713c74e4fe8950cee83
- SSDEEP
  
  24576:YwaPp4ar0B90K7rji9f2N38rn+IJ9uoI9H4Wx9K+oJfFMYoMfY6:om90ii9bn+IJ9uoI9H4WK+oJ7w6
Score

10^/10

asyncrat 15 mayo persistence rat
- AsyncRat
  AsyncRAT is designed to remotely monitor and control other computers written in C#.
  rat asyncrat
- Detects executables attemping to enumerate video devices using WMI
- Detects executables containing the string DcRatBy
- Detects executables embedding bas64-encoded APIs, command lines, registry keys, etc.
- Adds Run key to start application
  persistence
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Defense Evasion

Modify Registry

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

asyncrat15 mayopersistencerat

behavioral2

asyncrat15 mayopersistencerat

© 2018-2024

Terms | Privacy