asyncrat | 63b4600f00336a214819ed87c27c6ca6f809c5fbe12cd2a871447f72670846f5 | Triage

Sharing

General

Target

63b4600f00336a214819ed87c27c6ca6f809c5fbe12cd2a871447f72670846f5
Size

598KB
Sample

240713-prw8psshnb
MD5

fca56524754f35dbf5ecd8dd52528374
SHA1

d0479c8d2ab4750eebfec950e52e84227ea698f5
SHA256

63b4600f00336a214819ed87c27c6ca6f809c5fbe12cd2a871447f72670846f5
SHA512

02562b7339fe6cd837c1b0c820ea2323c67d9e3a1b402c8fd629794927065280d06624c1e919c891d7c76756910e9cfa4b6a515bb5d2e49f08576196c49e3e43
SSDEEP

6144:WFJ68bEdt1fiYcOwmZRC/HuBZpzN5/l/J7/lAA9P+mVF:WrP8tRupmZRCPuBP/ll/l39Br

Score

10^/10

asyncrat persistence rat

Malware Config

Extracted

Family

asyncrat

Version

0.5.7B

Mutex

Aakn1515knAakn1515kn!

Attributes

c2_url_file
http://update-checker-status.cc/OCB-Async.txt
delay
3
install
false
install_folder
%AppData%

aes.plain

Targets

- Target
  
  63b4600f00336a214819ed87c27c6ca6f809c5fbe12cd2a871447f72670846f5
- Size
  
  598KB
- MD5
  
  fca56524754f35dbf5ecd8dd52528374
- SHA1
  
  d0479c8d2ab4750eebfec950e52e84227ea698f5
- SHA256
  
  63b4600f00336a214819ed87c27c6ca6f809c5fbe12cd2a871447f72670846f5
- SHA512
  
  02562b7339fe6cd837c1b0c820ea2323c67d9e3a1b402c8fd629794927065280d06624c1e919c891d7c76756910e9cfa4b6a515bb5d2e49f08576196c49e3e43
- SSDEEP
  
  6144:WFJ68bEdt1fiYcOwmZRC/HuBZpzN5/l/J7/lAA9P+mVF:WrP8tRupmZRCPuBP/ll/l39Br
Score

10^/10

asyncrat persistence rat
- AsyncRat
  AsyncRAT is designed to remotely monitor and control other computers written in C#.
  rat asyncrat
- Modifies WinLogon for persistence
  persistence
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Winlogon Helper DLL

Privilege Escalation

Boot or Logon Autostart Execution

Winlogon Helper DLL

Defense Evasion

Modify Registry

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

asyncratpersistencerat

behavioral2

asyncratpersistencerat