asyncrat | b51ccac9172b10f3b730c8ae7353cd11bfe2ead8cc8d0e153bada5ad23e1e090 | Triage

Sharing

General

Target

sigma8.exe
Size

317KB
Sample

240719-3pmhdazcna
MD5

3f5d49e0931b38e06bc462ece96e05eb
SHA1

3f8e5cc785431afbeaeec4c03e020e1fb98b8c9a
SHA256

b51ccac9172b10f3b730c8ae7353cd11bfe2ead8cc8d0e153bada5ad23e1e090
SHA512

67cc3f844403308eaa13ded7e0c4167f0878e3faed0813a23559d15097b0d7c7884922bb913b895ffeb3078ed2130646a8d9f13af05d4c20e33e0c162fe2fb0a
SSDEEP

6144:rrlK1ugS2q7Yu2+Kpe7dYXq2r0xAKyGJlETs9lWXoIsJVl85hee5hur:rrlYu2D87XmnBTs95ordbW

Score

10^/10

asyncrat default persistence rat

Malware Config

Extracted

Family

asyncrat

Version

0.5.8

Botnet

Default

C2

10.8.0.4:6606

10.8.0.4:7707

10.8.0.4:8808

Mutex

jKcnVXaROJ1n

Attributes

delay
3
install
false
install_folder
%AppData%

aes.plain

Targets

- Target
  
  sigma8.exe
- Size
  
  317KB
- MD5
  
  3f5d49e0931b38e06bc462ece96e05eb
- SHA1
  
  3f8e5cc785431afbeaeec4c03e020e1fb98b8c9a
- SHA256
  
  b51ccac9172b10f3b730c8ae7353cd11bfe2ead8cc8d0e153bada5ad23e1e090
- SHA512
  
  67cc3f844403308eaa13ded7e0c4167f0878e3faed0813a23559d15097b0d7c7884922bb913b895ffeb3078ed2130646a8d9f13af05d4c20e33e0c162fe2fb0a
- SSDEEP
  
  6144:rrlK1ugS2q7Yu2+Kpe7dYXq2r0xAKyGJlETs9lWXoIsJVl85hee5hur:rrlYu2D87XmnBTs95ordbW
Score

10^/10

asyncrat default persistence rat
- AsyncRat
  AsyncRAT is designed to remotely monitor and control other computers written in C#.
  rat asyncrat
- Async RAT payload
  rat
- Adds Run key to start application
  persistence
behavioral1

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Defense Evasion

Modify Registry

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

asyncratdefaultpersistencerat