asyncrat | 2d2b207af1b1ad9dccb96a6c77c1be6994e69a4a1272db05b9b8239f1f9b68f7 | Triage

Sharing

General

Target

2d2b207af1b1ad9dccb96a6c77c1be6994e69a4a1272db05b9b8239f1f9b68f7
Size

63KB
Sample

240731-v7m8mazgjh
MD5

a07981dacdc37e2dcee6555cf89f504b
SHA1

f3f2804e66b02e50e1cd402c7a534d886ea708b1
SHA256

2d2b207af1b1ad9dccb96a6c77c1be6994e69a4a1272db05b9b8239f1f9b68f7
SHA512

ddd3e5d010b8694569705b77455bfb524445d4e376ba01fe6cac3e9d7d79075e367c21c81a4fdb97413836cb1f60b54bca10e6fee478cee12c3c6610c39c0141
SSDEEP

1536:0ZaJIKsnhKfMZ4JGbbpwlHhGPkpqKmY7:0nKOhfgGbbpaavz

Score

10^/10

asyncrat chuwawa rat

Malware Config

Extracted

Family

asyncrat

Version

ChuWaWa 5.2

Botnet

ChuWaWa

C2

stores-less.gl.at.ply.gg:7777

stores-less.gl.at.ply.gg:45080

31.173.170.243:7777

31.173.170.243:45080

Mutex

ChuWaWaRatMutex_penka

Attributes

delay
1
install
true
install_file
RuntimeBroker.exe
install_folder
%AppData%

aes.plain

Targets

- Target
  
  2d2b207af1b1ad9dccb96a6c77c1be6994e69a4a1272db05b9b8239f1f9b68f7
- Size
  
  63KB
- MD5
  
  a07981dacdc37e2dcee6555cf89f504b
- SHA1
  
  f3f2804e66b02e50e1cd402c7a534d886ea708b1
- SHA256
  
  2d2b207af1b1ad9dccb96a6c77c1be6994e69a4a1272db05b9b8239f1f9b68f7
- SHA512
  
  ddd3e5d010b8694569705b77455bfb524445d4e376ba01fe6cac3e9d7d79075e367c21c81a4fdb97413836cb1f60b54bca10e6fee478cee12c3c6610c39c0141
- SSDEEP
  
  1536:0ZaJIKsnhKfMZ4JGbbpwlHhGPkpqKmY7:0nKOhfgGbbpaavz
Score

10^/10

asyncrat chuwawa rat
- AsyncRat
  AsyncRAT is designed to remotely monitor and control other computers written in C#.
  rat asyncrat
- Async RAT payload
  rat
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Scheduled Task/Job

Scheduled Task

Persistence

Scheduled Task/Job

Scheduled Task

Privilege Escalation

Scheduled Task/Job

Scheduled Task

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

ratchuwawaasyncrat

behavioral1

asyncratchuwawarat

behavioral2

asyncratchuwawarat