asyncrat | c0885fb20ec6822ecf51e73751f0192f09f0e747ca20f9b75458222bc4c685e5 | Triage

Sharing

General

Target

ae4ff56ceb6716a8f9338e084f7701d4.bin
Size

8.0MB
Sample

240729-dzf1xavfpb
MD5

ae4ff56ceb6716a8f9338e084f7701d4
SHA1

4cabe539d621d59f41a481ffac48a8cf8592c14d
SHA256

c0885fb20ec6822ecf51e73751f0192f09f0e747ca20f9b75458222bc4c685e5
SHA512

72fee97a9af3d94699af86d85401fc1d2be5b4310661f0860ae78fecc00d8da0aa76554785ec64678d3e98f5040a888f1e7324f11cb7c1c966a6b698d3394838
SSDEEP

1536:M9RvNeRcklHCFmD3IWvPdb1SzXWTkDxaaDE3Zx7FkhDpqFUUQDS+0basrdVsQDQ:cRvi/NIWvPdb2XoJZZmhDpl/uaWdVsv

Score

10^/10

asyncrat default discovery rat

Malware Config

Extracted

Family

asyncrat

Version

0.5.8

Botnet

Default

C2

qa.riu.one:1420

Mutex

sVDhayko8Fn8

Attributes

delay
3
install
false
install_folder
%AppData%

aes.plain

Targets

- Target
  
  ae4ff56ceb6716a8f9338e084f7701d4.bin
- Size
  
  8.0MB
- MD5
  
  ae4ff56ceb6716a8f9338e084f7701d4
- SHA1
  
  4cabe539d621d59f41a481ffac48a8cf8592c14d
- SHA256
  
  c0885fb20ec6822ecf51e73751f0192f09f0e747ca20f9b75458222bc4c685e5
- SHA512
  
  72fee97a9af3d94699af86d85401fc1d2be5b4310661f0860ae78fecc00d8da0aa76554785ec64678d3e98f5040a888f1e7324f11cb7c1c966a6b698d3394838
- SSDEEP
  
  1536:M9RvNeRcklHCFmD3IWvPdb1SzXWTkDxaaDE3Zx7FkhDpqFUUQDS+0basrdVsQDQ:cRvi/NIWvPdb2XoJZZmhDpl/uaWdVsv
Score

10^/10

asyncrat default discovery rat
- AsyncRat
  AsyncRAT is designed to remotely monitor and control other computers written in C#.
  rat asyncrat
- Uses the VBS compiler for execution
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Scheduled Task/Job

Scheduled Task

Scripting

Persistence

Scheduled Task/Job

Scheduled Task

Privilege Escalation

Scheduled Task/Job

Scheduled Task

Defense Evasion

Scripting

Credential Access

Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

asyncratdefaultdiscoveryrat

behavioral2

asyncratdefaultdiscoveryrat