asyncrat | 566faf9961e590ce146c85c70fc08191682a20166d852ace3a269c418135cfb4 | Triage

Sharing

General

Target

2024-08-06_8ca8d1fe960a2b10d28ba017a8e71e10_hiddentear
Size

592KB
Sample

240806-a5rstaxfpe
MD5

8ca8d1fe960a2b10d28ba017a8e71e10
SHA1

2157e3dff5041988706756723655d5501ae8148f
SHA256

566faf9961e590ce146c85c70fc08191682a20166d852ace3a269c418135cfb4
SHA512

475ce76b2ed0ca3d2284fb9e3cc4ae4aad0b7e9eba21bf615dd1f23bf6d3d150e472dee430884d2243e6b02509c46b2c5c796122aba076f828015c050df6eccd
SSDEEP

12288:qpFbY22u8RFARyGfQ3MWTZfV/hlBg1ddAAZkR:qpxY2CkyGob9/lkAp

Score

10^/10

asyncrat default discovery execution rat

Malware Config

Extracted

Family

asyncrat

Version

0.5.7B

Botnet

Default

C2

5.252.165.55:1987

Mutex

AsyncMutex_6SI2OkPnk

Attributes

delay
3
install
true
install_file
NOTES.exe
install_folder
%AppData%

aes.plain

Targets

- Target
  
  2024-08-06_8ca8d1fe960a2b10d28ba017a8e71e10_hiddentear
- Size
  
  592KB
- MD5
  
  8ca8d1fe960a2b10d28ba017a8e71e10
- SHA1
  
  2157e3dff5041988706756723655d5501ae8148f
- SHA256
  
  566faf9961e590ce146c85c70fc08191682a20166d852ace3a269c418135cfb4
- SHA512
  
  475ce76b2ed0ca3d2284fb9e3cc4ae4aad0b7e9eba21bf615dd1f23bf6d3d150e472dee430884d2243e6b02509c46b2c5c796122aba076f828015c050df6eccd
- SSDEEP
  
  12288:qpFbY22u8RFARyGfQ3MWTZfV/hlBg1ddAAZkR:qpxY2CkyGob9/lkAp
Score

10^/10

asyncrat default discovery execution rat
- AsyncRat
  AsyncRAT is designed to remotely monitor and control other computers written in C#.
  rat asyncrat
- Command and Scripting Interpreter: PowerShell
  Run Powershell to modify Windows Defender settings to add exclusions for file extensions, paths, and processes.
  execution
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Command and Scripting Interpreter

PowerShell

Scheduled Task/Job

Scheduled Task

Persistence

Scheduled Task/Job

Scheduled Task

Privilege Escalation

Scheduled Task/Job

Scheduled Task

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

asyncratdefaultdiscoveryexecutionrat

behavioral2

asyncratdefaultdiscoveryexecutionrat