asyncrat | dede998c648aa3f9239ddddb59f53789694c142486c2138a06d015bcf152aeb1 | Triage

Sharing

General

Target

smss.exe
Size

47KB
Sample

240620-w21r7svhkn
MD5

18d494d508d16f2c16cb9d30c4f11bf3
SHA1

f4a05b98a75505ece207f6c542949223baa3844b
SHA256

dede998c648aa3f9239ddddb59f53789694c142486c2138a06d015bcf152aeb1
SHA512

3a63fc4de20e1cd43179801262a7ba70845d689144726b17eed53d64c53fdc0836ba77c6ba1685ab37b6d3002db2904acdc752e9380a60a44ea618218c282008
SSDEEP

768:MuPfZTg4pYiWUU9jjmo2qr/XtXyTCXLHpfNd7vPIbiJ1Qi0bBLwhtD2U/9lDP3S3:MuPfZTgKa2YIC9fNdEbiJqdbBLk9/9lw

Score

10^/10

asyncrat default rat

Malware Config

Extracted

Family

asyncrat

Version

0.5.8

Botnet

Default

C2

5.tcp.eu.ngrok.io:14915

Mutex

YVISpSrdK8Qe

Attributes

delay
3
install
false
install_folder
%AppData%

aes.plain

Targets

- Target
  
  smss.exe
- Size
  
  47KB
- MD5
  
  18d494d508d16f2c16cb9d30c4f11bf3
- SHA1
  
  f4a05b98a75505ece207f6c542949223baa3844b
- SHA256
  
  dede998c648aa3f9239ddddb59f53789694c142486c2138a06d015bcf152aeb1
- SHA512
  
  3a63fc4de20e1cd43179801262a7ba70845d689144726b17eed53d64c53fdc0836ba77c6ba1685ab37b6d3002db2904acdc752e9380a60a44ea618218c282008
- SSDEEP
  
  768:MuPfZTg4pYiWUU9jjmo2qr/XtXyTCXLHpfNd7vPIbiJ1Qi0bBLwhtD2U/9lDP3S3:MuPfZTgKa2YIC9fNdEbiJqdbBLk9/9lw
Score

10^/10

asyncrat default rat
- AsyncRat
  AsyncRAT is designed to remotely monitor and control other computers written in C#.
  rat asyncrat
- Legitimate hosting services abused for malware hosting/C2
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Web Service

Impact

Resource Development

Reconnaissance

Tasks

static1

ratdefaultasyncrat

behavioral1

asyncratdefaultrat

behavioral2

asyncratdefaultrat