asyncrat | e79f05099139c98022e7a49bc2a959564e77125b5f84fe81b6a9be4dca1e3585 | Triage

Sharing

General

Target

911.exe
Size

61KB
Sample

240709-1m4b1azajh
MD5

e33dcf1fd7c953f37fcd75d7dfa04e50
SHA1

7b5e0d900aa722f38bc37125478d21a7f731d22a
SHA256

e79f05099139c98022e7a49bc2a959564e77125b5f84fe81b6a9be4dca1e3585
SHA512

d2af67f2cee8f4b5755c45fd6f8ea70aa207cb698eb70f548a0cc5099afcdf22fd794a70a30e66aad7e97555c33668590661f4fee253419d6a92cbc3bf66a426
SSDEEP

768:U4fBC6zGyomoV/H7Yh9jZizjLyibvlynwx8ZsM2RLUbzg5tMeCM5c8CsoxYt1qqs:U4BltZZZBi7kntZWibs5egGWqq3W7x

Score

10^/10

asyncrat default execution rat spyware stealer

Malware Config

Extracted

Family

asyncrat

Version

AsyncRAT

Botnet

Default

C2

pepecasas123.net:4608

pepecasas123.mywire.org:4608

Mutex

10

Attributes

delay
3
install
false
install_folder
%AppData%

aes.plain

Targets

- Target
  
  911.exe
- Size
  
  61KB
- MD5
  
  e33dcf1fd7c953f37fcd75d7dfa04e50
- SHA1
  
  7b5e0d900aa722f38bc37125478d21a7f731d22a
- SHA256
  
  e79f05099139c98022e7a49bc2a959564e77125b5f84fe81b6a9be4dca1e3585
- SHA512
  
  d2af67f2cee8f4b5755c45fd6f8ea70aa207cb698eb70f548a0cc5099afcdf22fd794a70a30e66aad7e97555c33668590661f4fee253419d6a92cbc3bf66a426
- SSDEEP
  
  768:U4fBC6zGyomoV/H7Yh9jZizjLyibvlynwx8ZsM2RLUbzg5tMeCM5c8CsoxYt1qqs:U4BltZZZBi7kntZWibs5egGWqq3W7x
Score

10^/10

asyncrat default execution rat spyware stealer
- AsyncRat
  AsyncRAT is designed to remotely monitor and control other computers written in C#.
  rat asyncrat
- Blocklisted process makes network request
- Command and Scripting Interpreter: PowerShell
  Run Powershell and hide display window.
  execution
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Drops file in System32 directory
behavioral1

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Command and Scripting Interpreter

PowerShell

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Unsecured Credentials

Credentials In Files

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Data from Local System

Command and Control

Exfiltration

Impact

Tasks

static1

ratdefaultasyncrat

behavioral1

asyncratdefaultexecutionratspywarestealer