asyncrat | aa00ecf9f75092b10571a992d4a6c736939eef4b742cf0e735a1c7c4a7ee71eb | Triage

Sharing

General

Target

8bd1977b9103ba367f4ef6dab9faeca0N.exe
Size

58KB
Sample

240724-qbhwtaxapp
MD5

8bd1977b9103ba367f4ef6dab9faeca0
SHA1

08e87dfef23486e089bf42cc9048297cdad48005
SHA256

aa00ecf9f75092b10571a992d4a6c736939eef4b742cf0e735a1c7c4a7ee71eb
SHA512

adb8d875752102220d18e1f067c9d58378f79538faa951edbb95a858128d21ad0520802013789a175de12ec6e6341d69f96bcdf206e6bf5ee6aa4958baca8b97
SSDEEP

1536:PgdmilPJab/ZNKyLJeA/CTVIU9w2yCgP75dBAwQ4Dca:al3qNKoe8gVI+DgPNcw99

Score

10^/10

asyncrat default discovery rat

Malware Config

Extracted

Family

asyncrat

Version

1.0.7

Botnet

Default

C2

darknessdz.ddns.net:1177

Mutex

DcRatMutex_qwqdanchun

Attributes

delay
10
install
true
install_file
svchost.exe
install_folder
%AppData%

aes.plain

Targets

- Target
  
  8bd1977b9103ba367f4ef6dab9faeca0N.exe
- Size
  
  58KB
- MD5
  
  8bd1977b9103ba367f4ef6dab9faeca0
- SHA1
  
  08e87dfef23486e089bf42cc9048297cdad48005
- SHA256
  
  aa00ecf9f75092b10571a992d4a6c736939eef4b742cf0e735a1c7c4a7ee71eb
- SHA512
  
  adb8d875752102220d18e1f067c9d58378f79538faa951edbb95a858128d21ad0520802013789a175de12ec6e6341d69f96bcdf206e6bf5ee6aa4958baca8b97
- SSDEEP
  
  1536:PgdmilPJab/ZNKyLJeA/CTVIU9w2yCgP75dBAwQ4Dca:al3qNKoe8gVI+DgPNcw99
Score

10^/10

asyncrat default discovery rat
- AsyncRat
  AsyncRAT is designed to remotely monitor and control other computers written in C#.
  rat asyncrat
- Async RAT payload
  rat
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Loads dropped DLL
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

asyncratdefaultdiscoveryrat

behavioral2

asyncratdefaultdiscoveryrat