asyncrat | dc33f8af0fc9fadbc1c3af453db83f5a5088e4cb2439c8a3621c3648e37c6cb5 | Triage

Sharing

General

Target

2024-07-08_4428be5916f75751b9e52ac52f321820_megazord
Size

3.0MB
Sample

240709-aa52yswbkr
MD5

4428be5916f75751b9e52ac52f321820
SHA1

c5d11d22c71e770dd4f46f3f8142c6b140740738
SHA256

dc33f8af0fc9fadbc1c3af453db83f5a5088e4cb2439c8a3621c3648e37c6cb5
SHA512

75f2c59a5e2b3df5af85757c12e7ea697a9fd9505fc9dcd480b8210ac6db786d021aa7aca597b1f1aec2cd3cee1f14b336834fea12517235d0333f409b4914cb
SSDEEP

49152:/8yJAk206NICMq5pzKRgqVzKO0gFC5uamk6xB:ABsipAB

Score

10^/10

asyncrat default execution persistence rat

Malware Config

Extracted

Family

asyncrat

Version

2.0.0

Botnet

Default

C2

webwhatsapp.cc:65503

Mutex

ShiningForceRatMutex_cs_cs_cs

Attributes

delay
1
install
false
install_folder
%AppData%

aes.plain

Targets

- Target
  
  2024-07-08_4428be5916f75751b9e52ac52f321820_megazord
- Size
  
  3.0MB
- MD5
  
  4428be5916f75751b9e52ac52f321820
- SHA1
  
  c5d11d22c71e770dd4f46f3f8142c6b140740738
- SHA256
  
  dc33f8af0fc9fadbc1c3af453db83f5a5088e4cb2439c8a3621c3648e37c6cb5
- SHA512
  
  75f2c59a5e2b3df5af85757c12e7ea697a9fd9505fc9dcd480b8210ac6db786d021aa7aca597b1f1aec2cd3cee1f14b336834fea12517235d0333f409b4914cb
- SSDEEP
  
  49152:/8yJAk206NICMq5pzKRgqVzKO0gFC5uamk6xB:ABsipAB
Score

10^/10

asyncrat default execution persistence rat
- AsyncRat
  AsyncRAT is designed to remotely monitor and control other computers written in C#.
  rat asyncrat
- Command and Scripting Interpreter: PowerShell
  Run Powershell to modify Windows Defender settings to add exclusions for file extensions, paths, and processes.
  execution
- Adds Run key to start application
  persistence
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Command and Scripting Interpreter

PowerShell

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Defense Evasion

Modify Registry

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

asyncratdefaultexecutionpersistencerat

behavioral2

asyncratdefaultexecutionpersistencerat