asyncrat | 069d85d410a0f414a728f7f7492ff856693f728e448a0ec8504326cef9f8eb67 | Triage

Sharing

General

Target

FUD KDMAPPER.exe
Size

258KB
Sample

240607-yvebqsdf29
MD5

f7fdc1c011064e58ae8ecfb1df305b93
SHA1

25422f5ff9c5fddf5627aa7fc3c8e24dd910e279
SHA256

069d85d410a0f414a728f7f7492ff856693f728e448a0ec8504326cef9f8eb67
SHA512

3ea427917911a64fd080f4b11420fbef43d79e2b7c6b61351fc16ee0701fe26b72a6b026cc82d8d26dd59199ea0182eeebf8eb37868b39474c26cb9495837d0d
SSDEEP

6144:0JuzdObJOeWfJorUtmG5HJyYJuzdObJOeWfJorUtmG5HJy:08zdONOJfJMUtmG5HJyY8zdONOJfJMUc

Score

10^/10

asyncrat default rat

Malware Config

Extracted

Family

asyncrat

Version

1.0.7

Botnet

Default

C2

127.0.0.1:8080

127.0.0.1:18775

4.tcp.eu.ngrok.io:8080

4.tcp.eu.ngrok.io:18775

Mutex

DcRatMutex_qwqdanchun

Attributes

delay
1
install
false
install_file
explorer.exe
install_folder
%AppData%

aes.plain

Targets

- Target
  
  FUD KDMAPPER.exe
- Size
  
  258KB
- MD5
  
  f7fdc1c011064e58ae8ecfb1df305b93
- SHA1
  
  25422f5ff9c5fddf5627aa7fc3c8e24dd910e279
- SHA256
  
  069d85d410a0f414a728f7f7492ff856693f728e448a0ec8504326cef9f8eb67
- SHA512
  
  3ea427917911a64fd080f4b11420fbef43d79e2b7c6b61351fc16ee0701fe26b72a6b026cc82d8d26dd59199ea0182eeebf8eb37868b39474c26cb9495837d0d
- SSDEEP
  
  6144:0JuzdObJOeWfJorUtmG5HJyYJuzdObJOeWfJorUtmG5HJy:08zdONOJfJMUtmG5HJyY8zdONOJfJMUc
Score

10^/10

asyncrat default rat
- AsyncRat
  AsyncRAT is designed to remotely monitor and control other computers written in C#.
  rat asyncrat
- Async RAT payload
  rat
- Legitimate hosting services abused for malware hosting/C2
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

Peripheral Device Discovery

System Information Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Web Service

Impact

Resource Development

Reconnaissance

Tasks

static1

behavioral1

asyncratdefaultrat

behavioral2

asyncratdefaultrat