asyncrat | 48429db29ff42c7c50264ca1645560f5ca4e2a3e0f934dd59a06572c7770e7e7 | Triage

Submit
Reports

Overview

overview

Static

static

FlySide.exe

windows7-x64

FlySide.exe

windows10-2004-x64

Sharing

General

Target

FlySide.exe
Size

234KB
Sample

240616-wccn3szhqc
MD5

0f582a0b2557f50a4745751a4c128c34
SHA1

894660b4a64e8309393f08f686cade8721dc5f73
SHA256

48429db29ff42c7c50264ca1645560f5ca4e2a3e0f934dd59a06572c7770e7e7
SHA512

b1c860bbae77ac8642bf1fb7963606b64d74b7ceb7e28d262b3cb2ae8a2e843aa22bfc18cc4882df1e83e58009205805452a412eddcd87615a6b3fb5802fab34
SSDEEP

1536:WpN/jdSJYUbdh9TV4uHaeQKKKKKKKKb4NMjB8X9C+VdpqKmY7:WTjYYUbdfaepMjOXc+VGz

Score

10^/10

asyncrat default rat

Static task

static1

rat default asyncrat

3 signatures

Behavioral task

behavioral1

Sample

FlySide.exe

Resource

win7-20240611-en

asyncrat default rat

windows7-x64

10 signatures

150 seconds

Behavioral task

behavioral2

Sample

FlySide.exe

Resource

win10v2004-20240508-en

asyncrat default rat

windows10-2004-x64

11 signatures

150 seconds

Malware Config

Extracted

Family

asyncrat

Botnet

Default

C2

127.0.0.1:3232

Attributes

delay
1
install
true
install_file
Winrar.exe
install_folder
%AppData%

aes.plain

Targets

- Target
  
  FlySide.exe
- Size
  
  234KB
- MD5
  
  0f582a0b2557f50a4745751a4c128c34
- SHA1
  
  894660b4a64e8309393f08f686cade8721dc5f73
- SHA256
  
  48429db29ff42c7c50264ca1645560f5ca4e2a3e0f934dd59a06572c7770e7e7
- SHA512
  
  b1c860bbae77ac8642bf1fb7963606b64d74b7ceb7e28d262b3cb2ae8a2e843aa22bfc18cc4882df1e83e58009205805452a412eddcd87615a6b3fb5802fab34
- SSDEEP
  
  1536:WpN/jdSJYUbdh9TV4uHaeQKKKKKKKKb4NMjB8X9C+VdpqKmY7:WTjYYUbdfaepMjOXc+VGz
Score

10^/10

asyncrat default rat
- AsyncRat
  AsyncRAT is designed to remotely monitor and control other computers written in C#.
  rat asyncrat
- Async RAT payload
  rat
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Scheduled Task/Job

Persistence

Scheduled Task/Job

Privilege Escalation

Scheduled Task/Job

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Tasks

static1

ratdefaultasyncrat

behavioral1

asyncratdefaultrat

behavioral2

asyncratdefaultrat

© 2018-2024

Terms | Privacy