asyncrat | 6bce3efc034465072079041148dcd6bdff611d1bd7dfbc4c61161faf47c3d066 | Triage

Sharing

General

Target

New folder.zip
Size

250KB
Sample

240708-jrnzfa1hmh
MD5

862596f4db8efd0d6d1bae204ade81f5
SHA1

272576dcc59964db391cae4247cf44ba45c6f06f
SHA256

6bce3efc034465072079041148dcd6bdff611d1bd7dfbc4c61161faf47c3d066
SHA512

695ebad239b023ee2bea080e225c351f504238e66327007802e40b7e0ed12cde15c4a3ad07d6ac15bd2ca8ca741882e4fbd43bb659099970b9daa15f73a716b1
SSDEEP

6144:ECs9Ogq89cjxtez+i4nDxbqAR9zzmYARtf+kVKvTatstTC:Er9Om6jHntnDxbTRFnMf+kVKvTqstTC

Score

10^/10

asyncrat default persistence rat

Malware Config

Extracted

Family

asyncrat

Version

0.5.8

Botnet

Default

C2

127.0.0.1:8808

Mutex

QdNftpHJFSw4

Attributes

delay
3
install
false
install_folder
%AppData%

aes.plain

Targets

- Target
  
  New folder.zip
- Size
  
  250KB
- MD5
  
  862596f4db8efd0d6d1bae204ade81f5
- SHA1
  
  272576dcc59964db391cae4247cf44ba45c6f06f
- SHA256
  
  6bce3efc034465072079041148dcd6bdff611d1bd7dfbc4c61161faf47c3d066
- SHA512
  
  695ebad239b023ee2bea080e225c351f504238e66327007802e40b7e0ed12cde15c4a3ad07d6ac15bd2ca8ca741882e4fbd43bb659099970b9daa15f73a716b1
- SSDEEP
  
  6144:ECs9Ogq89cjxtez+i4nDxbqAR9zzmYARtf+kVKvTatstTC:Er9Om6jHntnDxbTRFnMf+kVKvTqstTC
Score

10^/10

asyncrat default persistence rat
- AsyncRat
  AsyncRAT is designed to remotely monitor and control other computers written in C#.
  rat asyncrat
- Boot or Logon Autostart Execution: Active Setup
  Adversaries may achieve persistence by adding a Registry key to the Active Setup of the local machine.
  persistence
- Enumerates connected drives
  Attempts to read the root path of hard drives other than the default C: drive.
- Suspicious use of SetThreadContext
behavioral1

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Active Setup

Privilege Escalation

Boot or Logon Autostart Execution

Active Setup

Defense Evasion

Modify Registry

Credential Access

Discovery

Peripheral Device Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

ratdefaultasyncrat

behavioral1

asyncratdefaultpersistencerat