asyncrat | 85156af07c7d1ac58dfa6d0e0c5d3866b4d57c73c88c466db204e15ffa72888a | Triage

Sharing

General

Target

SolaraB.exe
Size

129KB
Sample

240714-kcfj7awalc
MD5

4eed882d9e46f1270ed2121d00429189
SHA1

6adfbe0b4e8b83da1cb6d2a696cfa359c1d31176
SHA256

85156af07c7d1ac58dfa6d0e0c5d3866b4d57c73c88c466db204e15ffa72888a
SHA512

e8babe8e239c4da4e82f87d2677bef7b4032ffdddaae9dcd4694ef1f0902c053c6c7966ce1cf0c756334d2c936ee3a5600ce704de9aa0b414a33f55599f1e349
SSDEEP

3072:bMSncRzAOQKhp5LrUwk4XqdPbIGbb02NOgzY+mZgv:ASncRlvhbLrUwk4Xq1bIkbJNNU

Score

10^/10

asyncrat default rat

Malware Config

Extracted

Family

asyncrat

Version

1.0.7

Botnet

Default

C2

always-assessment.gl.at.ply.gg:13857

Mutex

DcRatMutex_qwqdanchun

Attributes

delay
1
install
false
install_folder
%AppData%

aes.plain

Targets

- Target
  
  SolaraB.exe
- Size
  
  129KB
- MD5
  
  4eed882d9e46f1270ed2121d00429189
- SHA1
  
  6adfbe0b4e8b83da1cb6d2a696cfa359c1d31176
- SHA256
  
  85156af07c7d1ac58dfa6d0e0c5d3866b4d57c73c88c466db204e15ffa72888a
- SHA512
  
  e8babe8e239c4da4e82f87d2677bef7b4032ffdddaae9dcd4694ef1f0902c053c6c7966ce1cf0c756334d2c936ee3a5600ce704de9aa0b414a33f55599f1e349
- SSDEEP
  
  3072:bMSncRzAOQKhp5LrUwk4XqdPbIGbb02NOgzY+mZgv:ASncRlvhbLrUwk4Xq1bIkbJNNU
Score

10^/10

asyncrat default rat
- AsyncRat
  AsyncRAT is designed to remotely monitor and control other computers written in C#.
  rat asyncrat
- Async RAT payload
  rat
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Legitimate hosting services abused for malware hosting/C2
behavioral1

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Web Service

Exfiltration

Impact

Tasks

static1

behavioral1

asyncratdefaultrat