asyncrat | e16bcff77a3468fa10bf4d67fb5e6c7d8d19564320895acdff5e1aaef74b5cfc | Triage

Sharing

General

Target

e16bcff77a3468fa10bf4d67fb5e6c7d8d19564320895acdff5e1aaef74b5cfc
Size

1.3MB
Sample

240713-prwl6sshmh
MD5

4ecb15fe8939eacf799015f8419f407e
SHA1

06231d45f5a38c4fcef3ebf3d42b363c52cf23e3
SHA256

e16bcff77a3468fa10bf4d67fb5e6c7d8d19564320895acdff5e1aaef74b5cfc
SHA512

da1e5edeaa85a71ec0097b28f8cf1a63aeea7b6864af647b9254e1bc50782fce0cb4e27f743cc4add43911cbd57852419047b2878cd440d0c51134fea158e9d7
SSDEEP

12288:mvNXAe2V/HjYmnkUytIS+5KTXF81q2rfuEI4b9YWFyZ:02VsofyuS+5Kp8FrflI4hty

Score

10^/10

asyncrat persistence rat

Malware Config

Extracted

Family

asyncrat

Version

0.5.7B

Mutex

Aakn1515knAakn1515kn!

Attributes

c2_url_file
http://update-checker-status.cc/OCB-Async.txt
delay
3
install
false
install_folder
%AppData%

aes.plain

Targets

- Target
  
  e16bcff77a3468fa10bf4d67fb5e6c7d8d19564320895acdff5e1aaef74b5cfc
- Size
  
  1.3MB
- MD5
  
  4ecb15fe8939eacf799015f8419f407e
- SHA1
  
  06231d45f5a38c4fcef3ebf3d42b363c52cf23e3
- SHA256
  
  e16bcff77a3468fa10bf4d67fb5e6c7d8d19564320895acdff5e1aaef74b5cfc
- SHA512
  
  da1e5edeaa85a71ec0097b28f8cf1a63aeea7b6864af647b9254e1bc50782fce0cb4e27f743cc4add43911cbd57852419047b2878cd440d0c51134fea158e9d7
- SSDEEP
  
  12288:mvNXAe2V/HjYmnkUytIS+5KTXF81q2rfuEI4b9YWFyZ:02VsofyuS+5Kp8FrflI4hty
Score

10^/10

asyncrat persistence rat
- AsyncRat
  AsyncRAT is designed to remotely monitor and control other computers written in C#.
  rat asyncrat
- Modifies WinLogon for persistence
  persistence
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Winlogon Helper DLL

Privilege Escalation

Boot or Logon Autostart Execution

Winlogon Helper DLL

Defense Evasion

Modify Registry

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

asyncratpersistencerat

behavioral2

asyncratpersistencerat