General
-
Target
AsyncRAT-modified_Edition_2024-main.zip
-
Size
27.3MB
-
Sample
240719-t5n7gazfmm
-
MD5
e34524a9ab42b81e3da1144a5e58e0e4
-
SHA1
0410f9bed8b4874833f9b5eb199c7eb86e166a52
-
SHA256
651ae3e16cafdf6057e1ce6508136b975833a7bc5efec2280eee454c85595868
-
SHA512
06933a049630189cfef240ee37b7bca7bb27c50f2e58e59431b79b73e6742717f91cdf2af26f38ada62ca9077ea0c8ca0f4fe1553670af7a51aad2a9b1083b1a
-
SSDEEP
786432:6MWukJoroUl6RqgnosyQv8tS6eUFCt4NczPQ33Db3OAXkoWA9qKQ/ko7Dyw+kb:6MtkDGQv8fWSNWS3nfXZU/9yF0
Behavioral task
behavioral1
Sample
AsyncRAT-modified_Edition_2024-main/AsyncRAT.exe
Resource
win7-20240705-en
Malware Config
Extracted
asyncrat
| Edit by Vinom Rat
Default
AsyncMutex_6SI8OkPnk
-
delay
3
-
install
true
-
install_file
svchost.exe
-
install_folder
%AppData%
Targets
-
Target
AsyncRAT-modified_Edition_2024-main/AsyncRAT.EXE
-
Size
4.9MB
-
MD5
d5b006ed22c1c641003eb6b601870e3d
-
SHA1
fc033c5e9f9a80b6236bb1ec7c34c5f6b77bfff4
-
SHA256
31e790fabe30ecd87f47d12b5512eea5287a58666f323af0c903f62343a51df2
-
SHA512
6245f86dc16128813cf7669e396f0b88f38d6f47de3f76c5be552b432bb4608c189fc8bb8d6818d6b4785c2394812dd64d8a5f298da4faa3fa25d33d334e8df2
-
SSDEEP
98304:3Wp7fnwdPuW7ciw3/VnnX4t/hDIQLbl171NLaEZZfbrX+ps5fIOfatdzL8:3WpDOmW7KPVnI1h17aGZn+ps5fvStdX
Score
10/10
-
Async RAT payload
-
Executes dropped EXE
-
Loads dropped DLL
-
Adds Run key to start application
-
MITRE ATT&CK Enterprise v15
Persistence
Boot or Logon Autostart Execution: 1
Registry Run Keys / Startup Folder: 1
Scheduled Task/Job: 1
Scheduled Task: 1