asyncrat | 7ca2ea6fe909eba4e36a7c8bcdc3593160088dffa65a4ddf845f397e6c513ea2 | Triage

Sharing

General

Target

RobloxPlayerPatcher.exe
Size

25.0MB
Sample

240727-nrzhds1ana
MD5

cf5ff6654fb7ee424211a7b6c9625ab9
SHA1

84080a7813a73b0a2a6e8881c7bd07de048a325c
SHA256

7ca2ea6fe909eba4e36a7c8bcdc3593160088dffa65a4ddf845f397e6c513ea2
SHA512

52aaeac8181db5ad56f8bdb50a0bdc71dce8f75e3a95fc6a2fb9c85f05cf9cf984131f61f8dd1081be055c7b5f25e0a850def1adcdcad433c4aecf2489a3ebb7
SSDEEP

6144:6/M+b97tjVcBqY+TnB8FMNy4yhGuG8fffM5Q:8c9+TBHIGuGGEq

Score

10^/10

asyncrat default discovery rat

Malware Config

Extracted

Family

asyncrat

Version

0.5.8

Botnet

Default

C2

qa.riu.one:1420

Mutex

sVDhayko8Fn8

Attributes

delay
3
install
false
install_folder
%AppData%

aes.plain

Targets

- Target
  
  RobloxPlayerPatcher.exe
- Size
  
  25.0MB
- MD5
  
  cf5ff6654fb7ee424211a7b6c9625ab9
- SHA1
  
  84080a7813a73b0a2a6e8881c7bd07de048a325c
- SHA256
  
  7ca2ea6fe909eba4e36a7c8bcdc3593160088dffa65a4ddf845f397e6c513ea2
- SHA512
  
  52aaeac8181db5ad56f8bdb50a0bdc71dce8f75e3a95fc6a2fb9c85f05cf9cf984131f61f8dd1081be055c7b5f25e0a850def1adcdcad433c4aecf2489a3ebb7
- SSDEEP
  
  6144:6/M+b97tjVcBqY+TnB8FMNy4yhGuG8fffM5Q:8c9+TBHIGuGGEq
Score

10^/10

asyncrat default discovery rat
- AsyncRat
  AsyncRAT is designed to remotely monitor and control other computers written in C#.
  rat asyncrat
- Uses the VBS compiler for execution
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Scheduled Task/Job

Scheduled Task

Scripting

Persistence

Scheduled Task/Job

Scheduled Task

Privilege Escalation

Scheduled Task/Job

Scheduled Task

Defense Evasion

Scripting

Credential Access

Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

asyncratdefaultdiscoveryrat

behavioral2

asyncratdefaultdiscoveryrat