asyncrat | 595d23b3fc8264dd990d995b23879b187fc2934cbfbb472c4dd0fefac1b0018e | Triage

Sharing

General

Target

RuntimeBroker.exe
Size

63KB
Sample

240731-vjftmsyerf
MD5

3b369d802dd1bcbb9581d2b291845bee
SHA1

9536c94f31e4bd44eda47137a21d4f2a9576505a
SHA256

595d23b3fc8264dd990d995b23879b187fc2934cbfbb472c4dd0fefac1b0018e
SHA512

e7d03c9afee1f805d86ae846ace15d8c6501ecd94c1e1890e28e847c7242f6150a7296d6bb70623a2469e1831c10129836f045239270cb20441620a9765d1689
SSDEEP

1536:6JuVTHUv8HtonJTnhKfMZ4JGbbpwj2TRZWKG/kpqKmY7:6JuVTHUv8HyJ7hfgGbbp9TRZWZvz

Score

10^/10

asyncrat default rat

Malware Config

Extracted

Family

asyncrat

Version

ChuWaWa Rat 5.2

Botnet

Default

C2

31.173.170.243:7777

31.173.170.243:45080

stores-less.gl.at.ply.gg:7777

stores-less.gl.at.ply.gg:45080

Mutex

AtomRatMutex_penka

Attributes

delay
1
install
true
install_file
RuntimeBroker.exe
install_folder
%AppData%

aes.plain

Targets

- Target
  
  RuntimeBroker.exe
- Size
  
  63KB
- MD5
  
  3b369d802dd1bcbb9581d2b291845bee
- SHA1
  
  9536c94f31e4bd44eda47137a21d4f2a9576505a
- SHA256
  
  595d23b3fc8264dd990d995b23879b187fc2934cbfbb472c4dd0fefac1b0018e
- SHA512
  
  e7d03c9afee1f805d86ae846ace15d8c6501ecd94c1e1890e28e847c7242f6150a7296d6bb70623a2469e1831c10129836f045239270cb20441620a9765d1689
- SSDEEP
  
  1536:6JuVTHUv8HtonJTnhKfMZ4JGbbpwj2TRZWKG/kpqKmY7:6JuVTHUv8HyJ7hfgGbbp9TRZWZvz
Score

10^/10

asyncrat default rat
- AsyncRat
  AsyncRAT is designed to remotely monitor and control other computers written in C#.
  rat asyncrat
behavioral1

MITRE ATT&CK Matrix

Tasks

static1

ratdefaultasyncrat

behavioral1

asyncratdefaultrat