asyncrat

General

Target

SecuriteInfo.com.Win32.MalwareX-gen.16630.10475.exe
Size

346KB
Sample

240620-stl3asyejp
MD5

d3b40b51e542efb11ef776ccab1f76e6
SHA1

22b9194c7871d80bee1f08db9159269fe084b055
SHA256

612f8f59794cb8257af89ab138bb768a0578848f3b4359280070097aa62f8e00
SHA512

8734743533489ea2dfe430d94dc96cb187f926e3da81019e10af72b35ec96c9b54d88a2ea183527a3c8cfc4c418ee3c22892077c33e347f8e3febfce2e94a0e2
SSDEEP

6144:NdlKHAeamXQvzoTNQmavm0EjOxDE0u7fdO3yZh:lKXamgUT3XjOFEj7l28h

Score

10^/10

Malware Config

Extracted

Family

asyncrat

Version

0.5.8

Botnet

Default

C2

127.0.0.1:6606

127.0.0.1:7707

127.0.0.1:8808

matkapdark.ddns.org:6606

matkapdark.ddns.org:7707

matkapdark.ddns.org:8808

Mutex

m8OxE8l37vh3

Attributes

delay
3
install
false
install_folder
%AppData%

aes.plain

Targets

- Target
  
  SecuriteInfo.com.Win32.MalwareX-gen.16630.10475.exe
- Size
  
  346KB
- MD5
  
  d3b40b51e542efb11ef776ccab1f76e6
- SHA1
  
  22b9194c7871d80bee1f08db9159269fe084b055
- SHA256
  
  612f8f59794cb8257af89ab138bb768a0578848f3b4359280070097aa62f8e00
- SHA512
  
  8734743533489ea2dfe430d94dc96cb187f926e3da81019e10af72b35ec96c9b54d88a2ea183527a3c8cfc4c418ee3c22892077c33e347f8e3febfce2e94a0e2
- SSDEEP
  
  6144:NdlKHAeamXQvzoTNQmavm0EjOxDE0u7fdO3yZh:lKXamgUT3XjOFEj7l28h
Score

10^/10

asyncrat default rat
- AsyncRat
  AsyncRAT is designed to remotely monitor and control other computers written in C#.
  rat asyncrat
- Uses the VBS compiler for execution
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Scripting

1

T1064

Persistence

Privilege Escalation

Defense Evasion

Scripting

1

T1064

Credential Access

Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Tasks

Sharing

General

Malware Config

Extracted

Targets

Uses the VBS compiler for execution

Suspicious use of SetThreadContext

MITRE ATT&CK Matrix ATT&CK v13

Tasks

static1

behavioral1

behavioral2