asyncrat | e47d21161e65f29997cc6ecffe41e8f12f79cfd052ad978037d966f42fa70eec | Triage

Sharing

General

Target

01082024_1100_NEW_PURCHASE_ORDER_FOR_AUGUST.zip
Size

540KB
Sample

240801-m4fqda1hjf
MD5

d1001c1f028fea07c746e15e2824788e
SHA1

b235e957cb6744054ae418e62ebb5984aa9073f7
SHA256

e47d21161e65f29997cc6ecffe41e8f12f79cfd052ad978037d966f42fa70eec
SHA512

9397b06708ccfdadd8c37fc88ab4d7adf810156f7318559d1c77767b88bbe6a7bc4b6391543d2e20103095361434800f881b87db0447fdeab0a892c28de10a40
SSDEEP

12288:xq9D9ps/NvpkhXU91vLqCDHxAimPJSf2H63+GM:w9fk5p3+CDHxAimEmS4

Score

10^/10

asyncrat default discovery execution rat

Malware Config

Extracted

Family

asyncrat

Version

0.5.7B

Botnet

Default

C2

5.252.165.55:1986

Mutex

AsyncMutex_5SI8OkPnk

Attributes

delay
3
install
true
install_file
Notes.exe
install_folder
%AppData%

aes.plain

Targets

- Target
  
  PO 39567812_PDF Siemens Ltd. India iGST_eH2mYaM.exE
- Size
  
  663KB
- MD5
  
  7b05be5398ce2cbc424d40b82b8bb4fe
- SHA1
  
  6c158dc6c7324e5b76bb9d89916261c778c23f63
- SHA256
  
  472819b55a8804b4d8787f5e45cc9b1aeb1026d5819f06e91bbc022d53ccae5c
- SHA512
  
  ddb856adf6ddf8d8f696b48a1b5d27584be742bc9f47e4bf07b0dca101be9afa598a087d7bc8e5dc9c0d515d0e7333093ef4c597bd8d3197a2e340caf9da8257
- SSDEEP
  
  12288:fU3929BC4rqhpqBHIA01a29EprIHAJp3UadAAHkR:fU89BNuhaoEprIHAJpkoAr
Score

10^/10

asyncrat default discovery execution rat
- AsyncRat
  AsyncRAT is designed to remotely monitor and control other computers written in C#.
  rat asyncrat
- Command and Scripting Interpreter: PowerShell
  Run Powershell to modify Windows Defender settings to add exclusions for file extensions, paths, and processes.
  execution
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Command and Scripting Interpreter

PowerShell

Scheduled Task/Job

Scheduled Task

Persistence

Scheduled Task/Job

Scheduled Task

Privilege Escalation

Scheduled Task/Job

Scheduled Task

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

asyncratdefaultdiscoveryexecutionrat

behavioral2

asyncratdefaultdiscoveryexecutionrat