asyncrat | f21b7aec9770dc80d20ac5fd871b6b88b7ba4586c2ae56faf724a23ee64a6193 | Triage

Sharing

General

Target

fr-obf.bat
Size

17KB
Sample

240522-n38kfafe5w
MD5

389078feb0d26c841b905168deaecd15
SHA1

e0013a66fad26afbbac701c3fbd6a0d85ddce3c9
SHA256

f21b7aec9770dc80d20ac5fd871b6b88b7ba4586c2ae56faf724a23ee64a6193
SHA512

ce51959c6d29112e575350013be45f87907edb9dc2c6bc3c8dc566e251a350bc361380202c34874aef71085f745dbf4e4ae4a760f457f49ff5e36f238785d238
SSDEEP

192:oZYztAEqvAb5JqjbLoUfSY1PfcLCL6lh2uxHwNy/FDcTjNolW/uw6yfzyKe:oZY5AEqvA5JEoiJ1PfcL1PDwiMVvWKe

Score

10^/10

asyncrat default discovery execution rat

Malware Config

Extracted

Language

ps1

Deobfuscated

URLs

exe.dropper

http://103.179.189.111/porn.png

Extracted

Family

asyncrat

Version

1.0.7

Botnet

Default

C2

103.179.189.111:8848

Mutex

DcRatMutex_qwqdanchun

Attributes

delay
1
install
false
install_folder
%AppData%

aes.plain

Targets

- Target
  
  fr-obf.bat
- Size
  
  17KB
- MD5
  
  389078feb0d26c841b905168deaecd15
- SHA1
  
  e0013a66fad26afbbac701c3fbd6a0d85ddce3c9
- SHA256
  
  f21b7aec9770dc80d20ac5fd871b6b88b7ba4586c2ae56faf724a23ee64a6193
- SHA512
  
  ce51959c6d29112e575350013be45f87907edb9dc2c6bc3c8dc566e251a350bc361380202c34874aef71085f745dbf4e4ae4a760f457f49ff5e36f238785d238
- SSDEEP
  
  192:oZYztAEqvAb5JqjbLoUfSY1PfcLCL6lh2uxHwNy/FDcTjNolW/uw6yfzyKe:oZY5AEqvA5JEoiJ1PfcL1PDwiMVvWKe
Score

10^/10

asyncrat default discovery execution rat
- AsyncRat
  AsyncRAT is designed to remotely monitor and control other computers written in C#.
  rat asyncrat
- Async RAT payload
  rat
- Blocklisted process makes network request
- Command and Scripting Interpreter: PowerShell
  Run Powershell and hide display window.
  execution
- Executes dropped EXE
- Loads dropped DLL
- Modifies file permissions
  discovery
- Use of msiexec (install) with remote resource
- Enumerates connected drives
  Attempts to read the root path of hard drives other than the default C: drive.
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Command and Scripting Interpreter

PowerShell

Persistence

Privilege Escalation

Defense Evasion

File and Directory Permissions Modification

Credential Access

Discovery

Peripheral Device Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

asyncratdefaultdiscoveryexecutionrat

behavioral2

asyncratdefaultdiscoveryexecutionrat