asyncrat | 30d999d57c9cbba171557c950e7662fd8783243b7777110b16905870918ce033 | Triage

Submit
Reports

Overview

overview

Static

static

Infected.exe

windows7-x64

Infected.exe

windows10-1703-x64

Infected.exe

windows10-2004-x64

Infected.exe

windows11-21h2-x64

Sharing

General

Target

Infected.exe
Size

63KB
Sample

240607-t15zesca96
MD5

56bd37b726af7b7d3412559ef8e788a8
SHA1

e9b42bcd3d496960bf8f932847281e2c0a32768d
SHA256

30d999d57c9cbba171557c950e7662fd8783243b7777110b16905870918ce033
SHA512

152224bbe19ec1339faa9f8f1a0aab96c9b5892d43d00ab141b593e4cb34d647072e25e00a4cd5b9005733193bc85b213d2a4b0326d53aa843485a48de3f84a8
SSDEEP

768:08nWA3cHt478jQC8A+XPCazcBRL5JTk1+T4KSBGHmDbD/ph0oX0O0sliSuQdpqKX:hWTtgEdSJYUbdh9sslVuQdpqKmY7

Score

10^/10

asyncrat defaultd rat

Static task

static1

rat defaultd asyncrat

3 signatures

Behavioral task

behavioral1

Sample

Infected.exe

Resource

win7-20240508-en

asyncrat defaultd rat

windows7-x64

10 signatures

150 seconds

Behavioral task

behavioral2

Sample

Infected.exe

Resource

win10-20240404-en

asyncrat defaultd rat

windows10-1703-x64

10 signatures

150 seconds

Behavioral task

behavioral3

Sample

Infected.exe

Resource

win10v2004-20240508-en

asyncrat defaultd rat

windows10-2004-x64

11 signatures

150 seconds

Behavioral task

behavioral4

Sample

Infected.exe

Resource

win11-20240508-en

asyncrat defaultd rat

windows11-21h2-x64

10 signatures

150 seconds

Malware Config

Extracted

Family

asyncrat

Botnet

Defaultd

C2

lunassworld-50930.portmap.host:50930

Attributes

delay
1
install
true
install_file
df.exe
install_folder
%AppData%

aes.plain

Targets

- Target
  
  Infected.exe
- Size
  
  63KB
- MD5
  
  56bd37b726af7b7d3412559ef8e788a8
- SHA1
  
  e9b42bcd3d496960bf8f932847281e2c0a32768d
- SHA256
  
  30d999d57c9cbba171557c950e7662fd8783243b7777110b16905870918ce033
- SHA512
  
  152224bbe19ec1339faa9f8f1a0aab96c9b5892d43d00ab141b593e4cb34d647072e25e00a4cd5b9005733193bc85b213d2a4b0326d53aa843485a48de3f84a8
- SSDEEP
  
  768:08nWA3cHt478jQC8A+XPCazcBRL5JTk1+T4KSBGHmDbD/ph0oX0O0sliSuQdpqKX:hWTtgEdSJYUbdh9sslVuQdpqKmY7
Score

10^/10

asyncrat defaultd rat
- AsyncRat
  AsyncRAT is designed to remotely monitor and control other computers written in C#.
  rat asyncrat
- Async RAT payload
  rat
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
behavioral1 behavioral2 behavioral3 behavioral4

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Scheduled Task/Job

Persistence

Scheduled Task/Job

Privilege Escalation

Scheduled Task/Job

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Tasks

static1

ratdefaultdasyncrat

behavioral1

asyncratdefaultdrat

behavioral2

asyncratdefaultdrat

behavioral3

asyncratdefaultdrat

behavioral4

asyncratdefaultdrat

© 2018-2024

Terms | Privacy