asyncrat | 86387e96355ec40517155830240239f4b44cf4ded5cdf2aea5366abe900245b8 | Triage

Sharing

General

Target

Drawing specification and August PO #07329.exe
Size

579KB
Sample

240805-p88caswgkq
MD5

ff231cb9ee1f4cf6b2ebe3a801c3f110
SHA1

7e79faf8a53e28a504a0f0580f4a07afaafa1c8c
SHA256

86387e96355ec40517155830240239f4b44cf4ded5cdf2aea5366abe900245b8
SHA512

14f446b19e2762260a008a5f54c57eeea9e10390e633c2aaa871af66defadb101171020486019c6a83e2d68ac593754d6ea481d751de73a9902741296abaeba3
SSDEEP

12288:Z5lzFAlgrVwZaeTgvp4oSUMqK0Q4Atm+AFL:ZFDwgh47U6Ti1

Score

10^/10

asyncrat amu discovery rat

Malware Config

Extracted

Family

asyncrat

Version

0.5.8

Botnet

AMU

C2

many.ydns.eu:1407

Mutex

p7id6nh2jIqW

Attributes

delay
10
install
true
install_file
windows.exe
install_folder
%Temp%

aes.plain

Targets

- Target
  
  Drawing specification and August PO #07329.exe
- Size
  
  579KB
- MD5
  
  ff231cb9ee1f4cf6b2ebe3a801c3f110
- SHA1
  
  7e79faf8a53e28a504a0f0580f4a07afaafa1c8c
- SHA256
  
  86387e96355ec40517155830240239f4b44cf4ded5cdf2aea5366abe900245b8
- SHA512
  
  14f446b19e2762260a008a5f54c57eeea9e10390e633c2aaa871af66defadb101171020486019c6a83e2d68ac593754d6ea481d751de73a9902741296abaeba3
- SSDEEP
  
  12288:Z5lzFAlgrVwZaeTgvp4oSUMqK0Q4Atm+AFL:ZFDwgh47U6Ti1
Score

10^/10

asyncrat amu discovery rat
- AsyncRat
  AsyncRAT is designed to remotely monitor and control other computers written in C#.
  rat asyncrat
- Drops startup file
- Executes dropped EXE
- Loads dropped DLL
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Remote System Discovery

System Information Discovery

System Location Discovery

System Language Discovery

System Network Configuration Discovery

Internet Connection Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

asyncratamudiscoveryrat

behavioral2