asyncrat | 433db8ca4379cc5873903c7022b907ba15d8b92e42074455ab9de094a1d56ddc | Triage

Sharing

General

Target

433db8ca4379cc5873903c7022b907ba15d8b92e42074455ab9de094a1d56ddc
Size

2.4MB
Sample

240709-1g2wzsyfme
MD5

23878e53dc083c8a3eaaa56a47df0f46
SHA1

33de428e36e9cbcbf1363587ce387a685c9aff9f
SHA256

433db8ca4379cc5873903c7022b907ba15d8b92e42074455ab9de094a1d56ddc
SHA512

3ea1a4534294567a63320ae71f4dddb4a5d9cab36ea74d5fd45f6514905e0b9de38dc46ca87138a17cc43b730662828f9f6101993697c6ec9a6574cf9b72b0d9
SSDEEP

49152:C02faKRvNBmM9KzFa1F5y0ElNhIyGuDOfg2fwPB/XUSquJ3F:C0MFvfmM8zYF5y0ErqyhO42A/XUSq0F

Score

10^/10

asyncrat default execution persistence rat

Malware Config

Extracted

Family

asyncrat

Version

0.5.8

Botnet

Default

C2

95.211.208.153:6606

95.211.208.153:7707

95.211.208.153:8808

5512.sytes.net:6606

5512.sytes.net:7707

5512.sytes.net:8808

Mutex

Llg9a02PERRO

Attributes

delay
3
install
false
install_folder
%AppData%

aes.plain

Targets

- Target
  
  433db8ca4379cc5873903c7022b907ba15d8b92e42074455ab9de094a1d56ddc
- Size
  
  2.4MB
- MD5
  
  23878e53dc083c8a3eaaa56a47df0f46
- SHA1
  
  33de428e36e9cbcbf1363587ce387a685c9aff9f
- SHA256
  
  433db8ca4379cc5873903c7022b907ba15d8b92e42074455ab9de094a1d56ddc
- SHA512
  
  3ea1a4534294567a63320ae71f4dddb4a5d9cab36ea74d5fd45f6514905e0b9de38dc46ca87138a17cc43b730662828f9f6101993697c6ec9a6574cf9b72b0d9
- SSDEEP
  
  49152:C02faKRvNBmM9KzFa1F5y0ElNhIyGuDOfg2fwPB/XUSquJ3F:C0MFvfmM8zYF5y0ErqyhO42A/XUSq0F
Score

10^/10

asyncrat default execution persistence rat
- AsyncRat
  AsyncRAT is designed to remotely monitor and control other computers written in C#.
  rat asyncrat
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Loads dropped DLL
- Adds Run key to start application
  persistence
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Command and Scripting Interpreter

PowerShell

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Defense Evasion

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

asyncratdefaultexecutionpersistencerat

behavioral2

asyncratdefaultexecutionpersistencerat