asyncrat | 9133d1e1840eba05fd58c6196597ac684b1a429cc7cef55d0c426609f58255c0 | Triage

Sharing

General

Target

e24708d6b2a36fa08513d08c801ded10N.exe
Size

979KB
Sample

240721-s44p4awgqp
MD5

e24708d6b2a36fa08513d08c801ded10
SHA1

bd79ca2abafb41a481def361ede0567ca923f630
SHA256

9133d1e1840eba05fd58c6196597ac684b1a429cc7cef55d0c426609f58255c0
SHA512

622ef04aa8e7f1e3c331293a853300f166b3c8bfc508ee0e49c25806761c3ddb1306752f68c9640aed25f9a77e1304ab1d19a5f25fcf9cdd8904be1c9d618699
SSDEEP

12288:aZcNmVoRehM8BrRpM2OkPtFqIoF1JP3rpMJJNRsVzKnUekzn5nf7DPWHP+alL0Wl:bXRehM2pOcqLj1M3DWKUe453PWv7jWk

Score

10^/10

asyncrat default rat

Malware Config

Extracted

Family

asyncrat

Version

0.5.6D

Botnet

Default

C2

seznam.zapto.org:6606

seznam.zapto.org:7707

seznam.zapto.org:8808

ronymahmoud.casacam.net:6606

ronymahmoud.casacam.net:7707

ronymahmoud.casacam.net:8808

Mutex

tpfypmaupoo

Attributes

delay
8
install
true
install_file
defander.exe
install_folder
%AppData%

aes.plain

Targets

- Target
  
  e24708d6b2a36fa08513d08c801ded10N.exe
- Size
  
  979KB
- MD5
  
  e24708d6b2a36fa08513d08c801ded10
- SHA1
  
  bd79ca2abafb41a481def361ede0567ca923f630
- SHA256
  
  9133d1e1840eba05fd58c6196597ac684b1a429cc7cef55d0c426609f58255c0
- SHA512
  
  622ef04aa8e7f1e3c331293a853300f166b3c8bfc508ee0e49c25806761c3ddb1306752f68c9640aed25f9a77e1304ab1d19a5f25fcf9cdd8904be1c9d618699
- SSDEEP
  
  12288:aZcNmVoRehM8BrRpM2OkPtFqIoF1JP3rpMJJNRsVzKnUekzn5nf7DPWHP+alL0Wl:bXRehM2pOcqLj1M3DWKUe453PWv7jWk
Score

10^/10

asyncrat default rat
- AsyncRat
  AsyncRAT is designed to remotely monitor and control other computers written in C#.
  rat asyncrat
- Async RAT payload
  rat
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Loads dropped DLL
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Scheduled Task/Job

Scheduled Task

Persistence

Scheduled Task/Job

Scheduled Task

Privilege Escalation

Scheduled Task/Job

Scheduled Task

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

asyncratdefaultrat

behavioral2

asyncratdefaultrat