asyncrat | 04105c31ae5c279af8caa8d22410391f0b21b4a6fb426852011932f4f063fe32 | Triage

Sharing

General

Target

04105c31ae5c279af8caa8d22410391f0b21b4a6fb426852011932f4f063fe32
Size

130KB
Sample

240720-zq2f5sycpj
MD5

c894a24b791013f77cd90631beb2c5ea
SHA1

73ceadbc28aa686461fe3d1afc361a3cb2bee327
SHA256

04105c31ae5c279af8caa8d22410391f0b21b4a6fb426852011932f4f063fe32
SHA512

50f95867e36485c11f45cb86599770296c5431853770be58bc2e3f4961d19a105ea2c8554754bfe2c7768cef7e92c96ae56cfb3e8df650be579e28c39c43185c
SSDEEP

1536:A39qSqQzbdqtnkJLlriMv+vLYq/SWkXftdFXGq0h8v6ZiBPUmZFIOdqDVclN:09qszbdqxm1ihk6kvtfGq0ev3U2WZpY

Score

10^/10

asyncrat default rat

Malware Config

Extracted

Family

asyncrat

Version

1.0.7

Botnet

Default

C2

mcehonline-48303.portmap.io:48303

Mutex

DcRatMutex_qwqdanchun

Attributes

delay
1
install
true
install_file
SearchIndexer.exe
install_folder
%AppData%

aes.plain

Targets

- Target
  
  04105c31ae5c279af8caa8d22410391f0b21b4a6fb426852011932f4f063fe32
- Size
  
  130KB
- MD5
  
  c894a24b791013f77cd90631beb2c5ea
- SHA1
  
  73ceadbc28aa686461fe3d1afc361a3cb2bee327
- SHA256
  
  04105c31ae5c279af8caa8d22410391f0b21b4a6fb426852011932f4f063fe32
- SHA512
  
  50f95867e36485c11f45cb86599770296c5431853770be58bc2e3f4961d19a105ea2c8554754bfe2c7768cef7e92c96ae56cfb3e8df650be579e28c39c43185c
- SSDEEP
  
  1536:A39qSqQzbdqtnkJLlriMv+vLYq/SWkXftdFXGq0h8v6ZiBPUmZFIOdqDVclN:09qszbdqxm1ihk6kvtfGq0ev3U2WZpY
Score

10^/10

asyncrat default rat
- AsyncRat
  AsyncRAT is designed to remotely monitor and control other computers written in C#.
  rat asyncrat
- Async RAT payload
  rat
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Scheduled Task/Job

Scheduled Task

Persistence

Scheduled Task/Job

Scheduled Task

Privilege Escalation

Scheduled Task/Job

Scheduled Task

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

ratdefaultasyncrat

behavioral1

asyncratdefaultrat

behavioral2

asyncratdefaultrat