asyncrat

General

Target

https://cdn.discordapp.com/attachments/1239109054819995690/1242913895287488542/injector.exe?ex=664f9144&is=664e3fc4&hm=6a7f6a4fddad087ad3655e2f77cb899a38c2c04f2133c824657001026e131137&
Sample

240522-xmc82ach74

Score

10^/10

Malware Config

Extracted

Family

asyncrat

Version

1.0.7

Botnet

Default

C2

127.0.0.1:2035

147.185.221.16:2035

147.185.221.19:2035

121637121.duckdns.org:2035

Mutex

I8EJ82H739UG

Attributes

delay
1
install
true
install_file
Update.exe
install_folder
%AppData%

aes.plain

Targets

- Target
  
  https://cdn.discordapp.com/attachments/1239109054819995690/1242913895287488542/injector.exe?ex=664f9144&is=664e3fc4&hm=6a7f6a4fddad087ad3655e2f77cb899a38c2c04f2133c824657001026e131137&
Score

10^/10

asyncrat default rat
- AsyncRat
  AsyncRAT is designed to remotely monitor and control other computers written in C#.
  rat asyncrat
- Async RAT payload
  rat
- Downloads MZ/PE file
- Executes dropped EXE
- Legitimate hosting services abused for malware hosting/C2
- Drops file in System32 directory
behavioral1

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

1

T1012

System Information Discovery

1

T1082

Lateral Movement

Collection

Command and Control

Web Service

1

T1102

Exfiltration

Impact

Tasks

Sharing

General

Malware Config

Extracted

Targets

Async RAT payload

Downloads MZ/PE file

Executes dropped EXE

Legitimate hosting services abused for malware hosting/C2

Drops file in System32 directory

MITRE ATT&CK Enterprise v15

Tasks

static1

urlscan1

behavioral1