asyncrat | 09d4308c18ecece489a51b7837968bcfc6c1273d83f5c83614bbdd119ccf6961 | Triage

Submit
Reports

Overview

overview

Static

static

1

Inital.bat

windows10-2004-x64

Resubmissions

23-05-2024 05:33

240523-f8yy7afc8w 10

22-05-2024 19:39

240522-yc9d6adh9s 10

22-05-2024 19:09

240522-xtyhjsdb21 10

22-05-2024 19:06

240522-xscvfsda5y 10

22-05-2024 16:28

240522-tyxj9shb7z 10

Sharing

General

Target

Inital.bat
Size

63KB
Sample

240522-xtyhjsdb21
MD5

e9319ac7284b6bbadf0200fee286b6c1
SHA1

51c30382aa103118937f1a9bf453a8345febafb4
SHA256

09d4308c18ecece489a51b7837968bcfc6c1273d83f5c83614bbdd119ccf6961
SHA512

73e349b61c285cdb3cfdf41ae9ba166cc0f8e5c7b989bf744f9aa8433baf41ea3a01b46fa9a88cc97fa4ca5d80f57a9dbd8fea631a164566c9e95632c9f3404b
SSDEEP

1536:Z6e+aDqc6V/xOtoqfF4OycI/k0xqAD/xtM:Z6aDqpVuoqKL5fkAvM

Score

10^/10

asyncrat rated discovery execution persistence rat

Static task

static1

Behavioral task

behavioral1

Sample

Inital.bat

Resource

win10v2004-20240426-en

asyncrat rated discovery execution persistence rat

windows10-2004-x64

31 signatures

1200 seconds

Malware Config

Extracted

Family

asyncrat

Version

0.5.8

Botnet

RATED

C2

147.185.221.17:25565

147.185.221.17:37531

Mutex

Dudee4vQEqBD

Attributes

delay
3
install
false
install_file
AnticheatBiner.exe
install_folder
%AppData%

aes.plain

Targets

- Target
  
  Inital.bat
- Size
  
  63KB
- MD5
  
  e9319ac7284b6bbadf0200fee286b6c1
- SHA1
  
  51c30382aa103118937f1a9bf453a8345febafb4
- SHA256
  
  09d4308c18ecece489a51b7837968bcfc6c1273d83f5c83614bbdd119ccf6961
- SHA512
  
  73e349b61c285cdb3cfdf41ae9ba166cc0f8e5c7b989bf744f9aa8433baf41ea3a01b46fa9a88cc97fa4ca5d80f57a9dbd8fea631a164566c9e95632c9f3404b
- SSDEEP
  
  1536:Z6e+aDqc6V/xOtoqfF4OycI/k0xqAD/xtM:Z6aDqpVuoqKL5fkAvM
Score

10^/10

asyncrat rated discovery execution persistence rat
- AsyncRat
  AsyncRAT is designed to remotely monitor and control other computers written in C#.
  rat asyncrat
- Async RAT payload
  rat
- Blocklisted process makes network request
- Command and Scripting Interpreter: PowerShell
  Using powershell.exe command.
  execution
- Downloads MZ/PE file
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Loads dropped DLL
- Registers COM server for autorun
  persistence
- Adds Run key to start application
  persistence
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
  discovery
- Drops desktop.ini file(s)
- Enumerates connected drives
  Attempts to read the root path of hard drives other than the default C: drive.
- Legitimate hosting services abused for malware hosting/C2
behavioral1

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Command and Scripting Interpreter

PowerShell

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Defense Evasion

Modify Registry

Credential Access

Discovery

Peripheral Device Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Web Service

Exfiltration

Impact

Tasks

static1

behavioral1

asyncratrateddiscoveryexecutionpersistencerat

© 2018-2024

Terms | Privacy