asyncrat | 6a950e011446449a8dece73c5e5a1cabd8c2fdc6d02e3bec1b1b38fc54be1556 | Triage

Sharing

General

Target

BetterDiscord.exe
Size

6.0MB
Sample

240615-we4wcatann
MD5

d5ad8b950946239be36b43e1f09bd171
SHA1

80ae48c745b51abfdc54ebf7af9ab8fbc933898c
SHA256

6a950e011446449a8dece73c5e5a1cabd8c2fdc6d02e3bec1b1b38fc54be1556
SHA512

da3616e838d6db3527a8fdcdb41f284b261ad543cd50a9af3e64e07a4723f17b0338e3fec136872e437c1bb525e4890b5c0f8209b8a70be30f18c5b17d2b02de
SSDEEP

768:J951Fn3n9P78zQC8A+Xv9xUgGAm+kijfCKv1+T4WSBGlmDbDzph0oXRW7p+XSucV:BX9xbtgd0BWUbhh9U/ucdpqKmY7

Score

10^/10

asyncrat default rat

Malware Config

Extracted

Family

asyncrat

Botnet

Default

C2

0.tcp.eu.ngrok.io:14406

Attributes

delay
1
install
true
install_file
BetterDiscord.exe
install_folder
%Temp%

aes.plain

Targets

- Target
  
  BetterDiscord.exe
- Size
  
  6.0MB
- MD5
  
  d5ad8b950946239be36b43e1f09bd171
- SHA1
  
  80ae48c745b51abfdc54ebf7af9ab8fbc933898c
- SHA256
  
  6a950e011446449a8dece73c5e5a1cabd8c2fdc6d02e3bec1b1b38fc54be1556
- SHA512
  
  da3616e838d6db3527a8fdcdb41f284b261ad543cd50a9af3e64e07a4723f17b0338e3fec136872e437c1bb525e4890b5c0f8209b8a70be30f18c5b17d2b02de
- SSDEEP
  
  768:J951Fn3n9P78zQC8A+Xv9xUgGAm+kijfCKv1+T4WSBGlmDbDzph0oXRW7p+XSucV:BX9xbtgd0BWUbhh9U/ucdpqKmY7
Score

10^/10

asyncrat default rat
- AsyncRat
  AsyncRAT is designed to remotely monitor and control other computers written in C#.
  rat asyncrat
- Legitimate hosting services abused for malware hosting/C2
behavioral1

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Web Service

Exfiltration

Impact

Tasks

static1

defaultasyncrat

behavioral1

asyncratdefaultrat