asyncrat | 4b920c737b2fc26db60d86322c07777bf18f83deaf3e83b7564453b4eaff8d4a | Triage

Sharing

General

Target

spoofer.bat
Size

3.4MB
Sample

240522-lqvfyaba7t
MD5

0990deea076062de5eb3da9a8b7f8e9e
SHA1

af911f1272174c4e609551e22c32eb3f2e52fa3d
SHA256

4b920c737b2fc26db60d86322c07777bf18f83deaf3e83b7564453b4eaff8d4a
SHA512

33aa8bb1312b53e1c31ae1c2d4143e39c56ab6ddfdad00dbf7e68a14ee6d00ed49de5d4d25d2c3ee7879cab8098eab724254c5e7f843d24f4ccbf688762b0249
SSDEEP

3072:VuBAMEN7YarD8LYEGrPNNyZXbHVLgoBRLi+laymtrUIoJBsZX2:V97YLgrlNkDV7NaymREJ6ZX2

Score

10^/10

asyncrat perm-woof execution rat

Malware Config

Extracted

Family

asyncrat

Botnet

PERM-WOOF

C2

127.0.0.1:57462

just-keeps.gl.at.ply.gg:57462

Attributes

delay
1
install
true
install_file
PERM-WOOF.exe
install_folder
%AppData%

aes.plain

Targets

- Target
  
  spoofer.bat
- Size
  
  3.4MB
- MD5
  
  0990deea076062de5eb3da9a8b7f8e9e
- SHA1
  
  af911f1272174c4e609551e22c32eb3f2e52fa3d
- SHA256
  
  4b920c737b2fc26db60d86322c07777bf18f83deaf3e83b7564453b4eaff8d4a
- SHA512
  
  33aa8bb1312b53e1c31ae1c2d4143e39c56ab6ddfdad00dbf7e68a14ee6d00ed49de5d4d25d2c3ee7879cab8098eab724254c5e7f843d24f4ccbf688762b0249
- SSDEEP
  
  3072:VuBAMEN7YarD8LYEGrPNNyZXbHVLgoBRLi+laymtrUIoJBsZX2:V97YLgrlNkDV7NaymREJ6ZX2
Score

10^/10

execution asyncrat perm-woof rat
- AsyncRat
  AsyncRAT is designed to remotely monitor and control other computers written in C#.
  rat asyncrat
- Async RAT payload
  rat
- Blocklisted process makes network request
- Command and Scripting Interpreter: PowerShell
  Run Powershell and hide display window.
  execution
- Downloads MZ/PE file
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Legitimate hosting services abused for malware hosting/C2
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Command and Scripting Interpreter

PowerShell

Scheduled Task/Job

Persistence

Scheduled Task/Job

Privilege Escalation

Scheduled Task/Job

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Web Service

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2

asyncratperm-woofexecutionrat