asyncrat | 84dd345151b49e484014bb0345c60a5fc6919249ee641ee8ae697688103f2581 | Triage

Sharing

General

Target

685d2926745fbdfd13f779de45057f20N.exe
Size

503KB
Sample

240718-fb3acayfkb
MD5

685d2926745fbdfd13f779de45057f20
SHA1

6b4a1da2f466f300b2ea612848e74211724f1133
SHA256

84dd345151b49e484014bb0345c60a5fc6919249ee641ee8ae697688103f2581
SHA512

61f397924c64417c6ef15c8977de9f96d2f461fa4179569dd47d36127dbb4b2f791860ca91b3b01e10c46631784ee614dcae40f23d837a5310d62806afcedfbf
SSDEEP

12288:9lv312Z3bncmwdGe5hgD0glgTX98kcAWGfuP2Uz4:9J312ZYmwdGeE0glgJVWYuPhz4

Score

10^/10

asyncrat default execution rat

Malware Config

Extracted

Family

asyncrat

Botnet

Default

C2

91.92.255.37:6666

Attributes

delay
1
install
true
install_file
anarchy.exe
install_folder
%AppData%

aes.plain

Targets

- Target
  
  685d2926745fbdfd13f779de45057f20N.exe
- Size
  
  503KB
- MD5
  
  685d2926745fbdfd13f779de45057f20
- SHA1
  
  6b4a1da2f466f300b2ea612848e74211724f1133
- SHA256
  
  84dd345151b49e484014bb0345c60a5fc6919249ee641ee8ae697688103f2581
- SHA512
  
  61f397924c64417c6ef15c8977de9f96d2f461fa4179569dd47d36127dbb4b2f791860ca91b3b01e10c46631784ee614dcae40f23d837a5310d62806afcedfbf
- SSDEEP
  
  12288:9lv312Z3bncmwdGe5hgD0glgTX98kcAWGfuP2Uz4:9J312ZYmwdGeE0glgJVWYuPhz4
Score

10^/10

asyncrat default execution rat
- AsyncRat
  AsyncRAT is designed to remotely monitor and control other computers written in C#.
  rat asyncrat
- Command and Scripting Interpreter: PowerShell
  Run Powershell to modify Windows Defender settings to add exclusions for file extensions, paths, and processes.
  execution
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Command and Scripting Interpreter

PowerShell

Scheduled Task/Job

Scheduled Task

Persistence

Scheduled Task/Job

Scheduled Task

Privilege Escalation

Scheduled Task/Job

Scheduled Task

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

asyncratdefaultexecutionrat

behavioral2