asyncrat | 53f31f8434c996d2ebb17306377efbaa2644dc0a8254e9fad0e032373cc61812 | Triage

Sharing

General

Target

2024-05-26_1f4b9fdf5c71893e3379cd3f903765fe_cobalt-strike_ryuk
Size

960KB
Sample

240526-b75ywsbb94
MD5

1f4b9fdf5c71893e3379cd3f903765fe
SHA1

9196acb54531f32f0094fea5ca23ad63d44c24fc
SHA256

53f31f8434c996d2ebb17306377efbaa2644dc0a8254e9fad0e032373cc61812
SHA512

3809e41e107392e1c7d0bf93f4dce4834f6390a6063c50880995ffaad0fa0e5a67e3c9b3a66e119b657de464b16c9adbe65fda81f986e938fc058b93ac543097
SSDEEP

12288:fvgHx5kbV4kGgqogdKvxn+ImytCh2Cq/B7H7ab3NQEHWv3s8WWFVdbIIIIIIIIIT:fIDCV4kGgq2+9miqJ7mb3ZHER+d

Score

10^/10

asyncrat default rat

Malware Config

Extracted

Family

asyncrat

Version

2.0.0

Botnet

Default

C2

www.speow2.net:65503

Mutex

5D92ABD8732AC4E9738604E9872D9A2C

Attributes

delay
1
install
false
install_folder
%AppData%

aes.plain

Targets

- Target
  
  2024-05-26_1f4b9fdf5c71893e3379cd3f903765fe_cobalt-strike_ryuk
- Size
  
  960KB
- MD5
  
  1f4b9fdf5c71893e3379cd3f903765fe
- SHA1
  
  9196acb54531f32f0094fea5ca23ad63d44c24fc
- SHA256
  
  53f31f8434c996d2ebb17306377efbaa2644dc0a8254e9fad0e032373cc61812
- SHA512
  
  3809e41e107392e1c7d0bf93f4dce4834f6390a6063c50880995ffaad0fa0e5a67e3c9b3a66e119b657de464b16c9adbe65fda81f986e938fc058b93ac543097
- SSDEEP
  
  12288:fvgHx5kbV4kGgqogdKvxn+ImytCh2Cq/B7H7ab3NQEHWv3s8WWFVdbIIIIIIIIIT:fIDCV4kGgq2+9miqJ7mb3ZHER+d
Score

10^/10

asyncrat default rat
- AsyncRat
  AsyncRAT is designed to remotely monitor and control other computers written in C#.
  rat asyncrat
- Async RAT payload
  rat
- Detects executables attemping to enumerate video devices using WMI
- Detects executables containing the string DcRatBy
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2

asyncratdefaultrat