asyncrat

General

Target

dcaf229e56e1b0f267d7e99b63920150ef1c18f8bcbf4da94c9ac592c75bdbe8
Size

1.3MB
Sample

240804-3ytytavarc
MD5

ba1d173c86f1757d5afd626ac8654a46
SHA1

ad5a96395c1856976ccc21a5475c8abee46a7395
SHA256

dcaf229e56e1b0f267d7e99b63920150ef1c18f8bcbf4da94c9ac592c75bdbe8
SHA512

4f5bd6c43004e5daf86e0a9353821b8e55c735a9318ba035db36221387024645a0c5418bd9ca1ab21cb2130e1893650abafa6ea081b5cb82396201d376783208
SSDEEP

24576:jC3aGYqXtuh05vkLFz/cQO9JLyxa47UI4Gp+visFLfd++NYd++2MwvesVdRLFlr:EYT0iLBYJia4734GpUzd++N7HTjlr

Score

10^/10

Malware Config

Extracted

Family

asyncrat

Version

0.5.8

Botnet

Default

C2

45.90.13.137:7707

Mutex

HleCBmrMxwFA

Attributes

delay
3
install
true
install_file
Server-Host.exe
install_folder
%AppData%

aes.plain

Targets

- Target
  
  RC7 (5) (1)/First.dll
- Size
  
  7KB
- MD5
  
  64fb3c0c1269bdb3119d0aeca9783c69
- SHA1
  
  39903892a687e03aebfd1de9c407e724bf5024fb
- SHA256
  
  77ea5129b0e8145f00c040a5a7db84b37d6b736f488e866545ae072ad9ca221a
- SHA512
  
  22565870393c6353591bd2eabc9748e269704277bdb1df7faaa99564ed78988a455df4a515de8231cbfa6655ea3eeabd137fa2fa0b162132d6e08fb329e5381b
- SSDEEP
  
  96:rddBmJWilc/5eFLxHolIOCcmMdPpkwWNFRR1X+W6FnCSHN/CNVWzwkSTozNt:pyJpieF9Ho0cm69TCekpq
Score

1^/10
behavioral1 behavioral2
- Target
  
  RC7 (5) (1)/First.exe
- Size
  
  139KB
- MD5
  
  d5f71f93624190439b569498acca69a9
- SHA1
  
  323c616a5ed5e680b221f1db6acfa222e8be719a
- SHA256
  
  8bcb2329f01af33a1707f6a1a749987cfaff3976a9bcdbffad37d477dd5fd8ab
- SHA512
  
  e03043bbd4389f77d337a33d92764496bd5a84654a95a3792de0a025765d43a795ef1351a64d96c6ae1f85daadc68a1c1fdc192a9adb153a15cf1cb71607b715
- SSDEEP
  
  3072:+iS4omp03WQthI/9S3BZi08iRQ1G78IVn27bSfcJK8ltX:+iS4ompB9S3BZi0a1G78IVhcgct
Score

10^/10

asyncrat default discovery evasion rat trojan
- AsyncRat
  AsyncRAT is designed to remotely monitor and control other computers written in C#.
  rat asyncrat
- Modifies Windows Defender Real-time Protection settings
  evasion trojan
- Async RAT payload
  rat
- Disables Task Manager via registry modification
  evasion
- Downloads MZ/PE file
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
behavioral3 behavioral4
- Target
  
  RC7 (5) (1)/ScintillaNET.dll
- Size
  
  1.3MB
- MD5
  
  9166536c31f4e725e6befe85e2889a4b
- SHA1
  
  f0cd8253b7e64157d39a8dc5feb8cf7bda7e8dae
- SHA256
  
  ad0cc5a4d4a6aae06ee360339c851892b74b8a275ce89c1b48185672179f3163
- SHA512
  
  113a7b77d2d557d135470787deead744d42f8292d853e2b55074e9cb3591fd045ffd10e5c81b5c15dde55861b806363568611e591ae25dcb31cf011da7e72562
- SSDEEP
  
  24576:IJSShz305vgNF7/cOCPHPSVs4Eq+QTNX+cfQdS+2MMPishd/Ws5:ti0aNvoHqs4L95X+cfx/HGC
Score

1^/10
behavioral5 behavioral6