asyncrat | 05df9a3930acdd99f5d5f5420e33a3f0cb35c50da8d2b7f36b52c6f56230e307 | Triage

Sharing

General

Target

NetwarePlusLoader.exe
Size

190KB
Sample

240714-mxs25azdpd
MD5

3aee5f71b6ba6b81fa54ff3d5bfd30e0
SHA1

5e0c48c23895cf097fcce62cc9d73db55d6fb605
SHA256

05df9a3930acdd99f5d5f5420e33a3f0cb35c50da8d2b7f36b52c6f56230e307
SHA512

a6c97e8905002ae7e4dba759f2b871fff87a9d730576963914e3336ebc4c402c711e03c5bc086f1e2027fc9bf9fe9913cf30935e4048579f223296041ab340af
SSDEEP

3072:lv69ZK/pWcANFVJ9pVe7DRIClM8H3c8yR7k6tX00bgUql:lv69ZK/pWcANFVJ9pVe7DRXlds8g7Ptz

Score

10^/10

asyncrat default rat

Malware Config

Extracted

Family

asyncrat

Botnet

Default

C2

environmental-blank.gl.at.ply.gg:25944

Attributes

delay
1
install
true
install_file
$77-aachost.exe
install_folder
%AppData%

aes.plain

Targets

- Target
  
  NetwarePlusLoader.exe
- Size
  
  190KB
- MD5
  
  3aee5f71b6ba6b81fa54ff3d5bfd30e0
- SHA1
  
  5e0c48c23895cf097fcce62cc9d73db55d6fb605
- SHA256
  
  05df9a3930acdd99f5d5f5420e33a3f0cb35c50da8d2b7f36b52c6f56230e307
- SHA512
  
  a6c97e8905002ae7e4dba759f2b871fff87a9d730576963914e3336ebc4c402c711e03c5bc086f1e2027fc9bf9fe9913cf30935e4048579f223296041ab340af
- SSDEEP
  
  3072:lv69ZK/pWcANFVJ9pVe7DRIClM8H3c8yR7k6tX00bgUql:lv69ZK/pWcANFVJ9pVe7DRXlds8g7Ptz
Score

10^/10

asyncrat default rat
- AsyncRat
  AsyncRAT is designed to remotely monitor and control other computers written in C#.
  rat asyncrat
- Async RAT payload
  rat
- Downloads MZ/PE file
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Legitimate hosting services abused for malware hosting/C2
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Scheduled Task/Job

Scheduled Task

Persistence

Scheduled Task/Job

Scheduled Task

Privilege Escalation

Scheduled Task/Job

Scheduled Task

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Web Service

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2

asyncratdefaultrat