asyncrat | 639a014ae556d3940e2dab686d310c36e80302367bbd06c70d4304d2d9f13ea1 | Triage

Sharing

General

Target

639a014ae556d3940e2dab686d310c36e80302367bbd06c70d4304d2d9f13ea1
Size

418KB
Sample

240725-2cscesyekq
MD5

e9f97ff6d802b18ef23f3fda43197d4d
SHA1

f73e795660f1dd38807fd4b3551ea004255bccbe
SHA256

639a014ae556d3940e2dab686d310c36e80302367bbd06c70d4304d2d9f13ea1
SHA512

1340529c69aec37bb92a4511b88a53e5a56102f3c6edcfd839f3350b3a473f9d1128afb8b177770f93fb627096bda81e81ce67c0def7e98faf1d67222fb14d58
SSDEEP

6144:u5SLGG3tvLiX4aK8y0n80RTJyMPdFa5gJE3tl4Hwkt3l:u5SLhpiX4P8yqlR9yMPdEjKQkV

Score

10^/10

asyncrat default discovery rat spyware stealer

Malware Config

Extracted

Family

asyncrat

Version

AWS | RxR

Botnet

Default

C2

cloudali.duckdns.org:6606

cloudali.duckdns.org:7707

cloudali.duckdns.org:8808

cloudali.duckdns.org:777

Mutex

gebna_6SI8OkPnk

Attributes

delay
3
install
false
install_folder
%AppData%

aes.plain

Targets

- Target
  
  639a014ae556d3940e2dab686d310c36e80302367bbd06c70d4304d2d9f13ea1
- Size
  
  418KB
- MD5
  
  e9f97ff6d802b18ef23f3fda43197d4d
- SHA1
  
  f73e795660f1dd38807fd4b3551ea004255bccbe
- SHA256
  
  639a014ae556d3940e2dab686d310c36e80302367bbd06c70d4304d2d9f13ea1
- SHA512
  
  1340529c69aec37bb92a4511b88a53e5a56102f3c6edcfd839f3350b3a473f9d1128afb8b177770f93fb627096bda81e81ce67c0def7e98faf1d67222fb14d58
- SSDEEP
  
  6144:u5SLGG3tvLiX4aK8y0n80RTJyMPdFa5gJE3tl4Hwkt3l:u5SLhpiX4P8yqlR9yMPdEjKQkV
Score

10^/10

asyncrat default discovery rat spyware stealer
- AsyncRat
  AsyncRAT is designed to remotely monitor and control other computers written in C#.
  rat asyncrat
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Unsecured Credentials

Credentials In Files

Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Data from Local System

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

asyncratdefaultdiscoveryratspywarestealer

behavioral2

asyncratdefaultdiscoveryratspywarestealer