asyncrat | 90e1a7cfb9da290ddfbb7627d0b6ef9cd7a13dba43e660887d282d907bb66def | Triage

Resubmissions

08-08-2024 23:07

240808-24ekmswblh 10

07-08-2024 23:46

240807-3se8gawelq 10

Sharing

General

Target

90e1a7cfb9da290ddfbb7627d0b6ef9cd7a13dba43e660887d282d907bb66def
Size

61.3MB
Sample

240808-24ekmswblh
MD5

7c40508de3db8abc0ba87e8af289d6ca
SHA1

2c59ad7b5c30207f7ba79d21825fd4b35b6f4acc
SHA256

90e1a7cfb9da290ddfbb7627d0b6ef9cd7a13dba43e660887d282d907bb66def
SHA512

3d2c37b7fdc53a0af54e9249442bfc28281bde441744799d62aa37c3781ce6f1525be9b1ed6b02dda611361759a09a3355c08cf48f258cbaba375671de7aa625
SSDEEP

1572864:2EeA7XykodgtLEfrxWcJ5rRfY+rpjsEHZ/xHhd6Cjzo3y1z:2EeA7XXuAErxntBNlsE5Vhd60o3yR

Score

10^/10

asyncrat default discovery execution rat

Malware Config

Extracted

Family

asyncrat

Version

| CRACKED BY https://t.me/xworm_v2

Botnet

Default

C2

googl3d.ddnsking.com:8808

googl3d.ddnsking.com:8080

googl3d.ddnsking.com:7707

Mutex

AsyncMutex_6SI8OkPnk

Attributes

delay
3
install
true
install_file
Runtime.exe
install_folder
%Temp%

aes.plain

Targets

- Target
  
  90e1a7cfb9da290ddfbb7627d0b6ef9cd7a13dba43e660887d282d907bb66def
- Size
  
  61.3MB
- MD5
  
  7c40508de3db8abc0ba87e8af289d6ca
- SHA1
  
  2c59ad7b5c30207f7ba79d21825fd4b35b6f4acc
- SHA256
  
  90e1a7cfb9da290ddfbb7627d0b6ef9cd7a13dba43e660887d282d907bb66def
- SHA512
  
  3d2c37b7fdc53a0af54e9249442bfc28281bde441744799d62aa37c3781ce6f1525be9b1ed6b02dda611361759a09a3355c08cf48f258cbaba375671de7aa625
- SSDEEP
  
  1572864:2EeA7XykodgtLEfrxWcJ5rRfY+rpjsEHZ/xHhd6Cjzo3y1z:2EeA7XXuAErxntBNlsE5Vhd60o3yR
Score

10^/10

asyncrat default discovery execution rat
- AsyncRat
  AsyncRAT is designed to remotely monitor and control other computers written in C#.
  rat asyncrat
- Async RAT payload
  rat
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Loads dropped DLL
behavioral1

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Command and Scripting Interpreter

PowerShell

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

asyncratdefaultdiscoveryexecutionrat