asyncrat | 53677ec9a71a72447531c8e81956df068800b738dae73ed46d700e01bea58745 | Triage

Sharing

General

Target

53677ec9a71a72447531c8e81956df068800b738dae73ed46d700e01bea58745
Size

52KB
Sample

240527-k14xpafe27
MD5

c3f34df135ab3ba4b0c8408a3fe041f8
SHA1

a26cc4fc291830ce9f4b5726fb196a3893c38dcb
SHA256

53677ec9a71a72447531c8e81956df068800b738dae73ed46d700e01bea58745
SHA512

2a6cb888d4bc6e5a234b2692f80d0389739f2c4994e2a5e705ca9ab57ee9e05292b4d9fa7a29309ca2859cfe8b596fb0720d42505050615206b1e048bb81a9a1
SSDEEP

1536:ouUDVT0d5262POAgB8CRbHUdlaacfKodd5N:ouUBT0d527OAgBZbHUaacDN

Score

10^/10

asyncrat default rat

Malware Config

Extracted

Family

asyncrat

Version

0.5.8

Botnet

Default

C2

91.92.241.69:5555

Mutex

WZl6sjIAcmXI

Attributes

delay
3
install
true
install_file
AMD Update Manager.exe
install_folder
%AppData%

aes.plain

Targets

- Target
  
  53677ec9a71a72447531c8e81956df068800b738dae73ed46d700e01bea58745
- Size
  
  52KB
- MD5
  
  c3f34df135ab3ba4b0c8408a3fe041f8
- SHA1
  
  a26cc4fc291830ce9f4b5726fb196a3893c38dcb
- SHA256
  
  53677ec9a71a72447531c8e81956df068800b738dae73ed46d700e01bea58745
- SHA512
  
  2a6cb888d4bc6e5a234b2692f80d0389739f2c4994e2a5e705ca9ab57ee9e05292b4d9fa7a29309ca2859cfe8b596fb0720d42505050615206b1e048bb81a9a1
- SSDEEP
  
  1536:ouUDVT0d5262POAgB8CRbHUdlaacfKodd5N:ouUBT0d527OAgBZbHUaacDN
Score

10^/10

asyncrat default rat
- AsyncRat
  AsyncRAT is designed to remotely monitor and control other computers written in C#.
  rat asyncrat
- Async RAT payload
  rat
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Loads dropped DLL
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Scheduled Task/Job

Persistence

Scheduled Task/Job

Privilege Escalation

Scheduled Task/Job

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

ratdefaultasyncrat

behavioral1

asyncratdefaultrat

behavioral2

asyncratdefaultrat