asyncrat | ae55dc186e2373b964f1d84fd51aa7692fdb2994cc163128b97631c3ba7f7066 | Triage

Sharing

General

Target

ae55dc186e2373b964f1d84fd51aa7692fdb2994cc163128b97631c3ba7f7066
Size

680KB
Sample

240524-j1q56aag21
MD5

47e6542e234e5ffed88732519f19008c
SHA1

b3dd01bf81d5b4b9595c13032d0fc8006dbc7e64
SHA256

ae55dc186e2373b964f1d84fd51aa7692fdb2994cc163128b97631c3ba7f7066
SHA512

98e4ddd035c81623ba2dcc5fc4ca58da3aa6ba10c7bce25ab0a00e7737c11152d6a77507c859f7f369be8fc456189acb5fe90a55064a5bf790e06662f3b589ce
SSDEEP

12288:+Xplx92r2O9Ycny57ohEDGtnXCkgybsySO+TbQnpNwMfgriFg3ikzA6pVPbi81kR:oFTCy5XityUWXUNwMfgrV3ikz8

Score

10^/10

asyncrat default execution rat

Malware Config

Extracted

Family

asyncrat

Version

0.5.7B

Botnet

Default

C2

198.55.115.39:6606

198.55.115.39:7707

198.55.115.39:8808

Mutex

AsyncMutex_6SI8OkPnk

Attributes

delay
3
install
true
install_file
Wndfnder.exe
install_folder
%AppData%

aes.plain

Targets

- Target
  
  ae55dc186e2373b964f1d84fd51aa7692fdb2994cc163128b97631c3ba7f7066
- Size
  
  680KB
- MD5
  
  47e6542e234e5ffed88732519f19008c
- SHA1
  
  b3dd01bf81d5b4b9595c13032d0fc8006dbc7e64
- SHA256
  
  ae55dc186e2373b964f1d84fd51aa7692fdb2994cc163128b97631c3ba7f7066
- SHA512
  
  98e4ddd035c81623ba2dcc5fc4ca58da3aa6ba10c7bce25ab0a00e7737c11152d6a77507c859f7f369be8fc456189acb5fe90a55064a5bf790e06662f3b589ce
- SSDEEP
  
  12288:+Xplx92r2O9Ycny57ohEDGtnXCkgybsySO+TbQnpNwMfgriFg3ikzA6pVPbi81kR:oFTCy5XityUWXUNwMfgrV3ikz8
Score

10^/10

asyncrat default execution rat
- AsyncRat
  AsyncRAT is designed to remotely monitor and control other computers written in C#.
  rat asyncrat
- Command and Scripting Interpreter: PowerShell
  Run Powershell to modify Windows Defender settings to add exclusions for file extensions, paths, and processes.
  execution
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Command and Scripting Interpreter

PowerShell

Scheduled Task/Job

Persistence

Scheduled Task/Job

Privilege Escalation

Scheduled Task/Job

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

asyncratdefaultexecutionrat

behavioral2

asyncratdefaultexecutionrat