asyncrat | 5390de25fad8a66fe3f2fa552338a94f128ea04f615c8a37db7a5c74096e71cd | Triage

Sharing

General

Target

$77Client.bat
Size

280KB
Sample

240615-qkk3jasara
MD5

965fc7d9a5cb2cc8ab2f796b9d20bcbc
SHA1

11c4af89c86d8438b3edf3b412251b4c207e0634
SHA256

5390de25fad8a66fe3f2fa552338a94f128ea04f615c8a37db7a5c74096e71cd
SHA512

491b8e442c65a6d2f9dd7a851a42a69180c5dbef75f2ae2827b69b995c65b93bcb89f36d3c880fd1cbbeac4c7226a9fa10dc05d07ec1ad295947eb09110d920d
SSDEEP

6144:c3tDp9Jtu0RQnlM1mUCUghyMk2vBXD/MVPd4:c3tDprt9RQn+wU/ghyL2vxU4

Score

10^/10

asyncrat default execution rat

Malware Config

Extracted

Family

asyncrat

Version

0.5.7B

Botnet

Default

C2

paris-disciplinary.gl.at.ply.gg:63286

Mutex

TnvdM3O6Wmgg

Attributes

delay
3
install
false
install_folder
%AppData%

aes.plain

Targets

- Target
  
  $77Client.bat
- Size
  
  280KB
- MD5
  
  965fc7d9a5cb2cc8ab2f796b9d20bcbc
- SHA1
  
  11c4af89c86d8438b3edf3b412251b4c207e0634
- SHA256
  
  5390de25fad8a66fe3f2fa552338a94f128ea04f615c8a37db7a5c74096e71cd
- SHA512
  
  491b8e442c65a6d2f9dd7a851a42a69180c5dbef75f2ae2827b69b995c65b93bcb89f36d3c880fd1cbbeac4c7226a9fa10dc05d07ec1ad295947eb09110d920d
- SSDEEP
  
  6144:c3tDp9Jtu0RQnlM1mUCUghyMk2vBXD/MVPd4:c3tDprt9RQn+wU/ghyL2vxU4
Score

10^/10

asyncrat default execution rat
- AsyncRat
  AsyncRAT is designed to remotely monitor and control other computers written in C#.
  rat asyncrat
- Async RAT payload
  rat
- Blocklisted process makes network request
- Command and Scripting Interpreter: PowerShell
  Run Powershell and hide display window.
  execution
- Drops file in System32 directory
behavioral1

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Command and Scripting Interpreter

PowerShell

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Tasks

static1

behavioral1

asyncratdefaultexecutionrat