asyncrat | 2eae73d060cc2bdf615de1ee8dbb7db3c0ac8e927d516e437af0b6a3b5cb5a95 | Triage

Sharing

General

Target

New folder.zip
Size

23.9MB
Sample

240708-h2e9lszgkh
MD5

e375652893ddbd33f75bb2c6140b50d5
SHA1

24dc691908d5c1776a8fbae12cfd2a0239634c7e
SHA256

2eae73d060cc2bdf615de1ee8dbb7db3c0ac8e927d516e437af0b6a3b5cb5a95
SHA512

3f69725e98cd8935455e6506f48e09d2d7dff2cbf05f3791206a145767fb906a749997a464b2ec63933b1ff802e470a3e1b982988c51cd6a12cb5f09154720c5
SSDEEP

393216:FyyYJrpV7UxnZaEZkAgcGvEbeprRI9HwYz8GwwU5GUVhZMIOPWa/FB6MSVtdXgLl:FyrpV72ZaEZAcCzRNnGUVhZMrrn6MCRa

Score

10^/10

asyncrat default evasion rat trojan

Malware Config

Extracted

Family

asyncrat

Version

0.5.8

Botnet

Default

C2

127.0.0.1:6606

127.0.0.1:7707

127.0.0.1:8808

Mutex

QdNftpHJFSw4

Attributes

delay
3
install
false
install_folder
%AppData%

aes.plain

Targets

- Target
  
  New folder.zip
- Size
  
  23.9MB
- MD5
  
  e375652893ddbd33f75bb2c6140b50d5
- SHA1
  
  24dc691908d5c1776a8fbae12cfd2a0239634c7e
- SHA256
  
  2eae73d060cc2bdf615de1ee8dbb7db3c0ac8e927d516e437af0b6a3b5cb5a95
- SHA512
  
  3f69725e98cd8935455e6506f48e09d2d7dff2cbf05f3791206a145767fb906a749997a464b2ec63933b1ff802e470a3e1b982988c51cd6a12cb5f09154720c5
- SSDEEP
  
  393216:FyyYJrpV7UxnZaEZkAgcGvEbeprRI9HwYz8GwwU5GUVhZMIOPWa/FB6MSVtdXgLl:FyrpV72ZaEZAcCzRNnGUVhZMrrn6MCRa
Score

10^/10

asyncrat evasion rat trojan
- AsyncRat
  AsyncRAT is designed to remotely monitor and control other computers written in C#.
  rat asyncrat
- UAC bypass
  evasion trojan
- Deletes itself
- Drops file in System32 directory
behavioral1

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Abuse Elevation Control Mechanism

Bypass User Account Control

Defense Evasion

Abuse Elevation Control Mechanism

Bypass User Account Control

Impair Defenses

Disable or Modify Tools

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

ratdefaultasyncrat

behavioral1

asyncratevasionrattrojan