asyncrat | 755b9c9ed15a3d43f8da5ddd62146897091f4f0aa301917167d26f368d88a4a7 | Triage

Sharing

General

Target

crvzekdg.exe
Size

606KB
Sample

240810-af7gzazgng
MD5

c5d9ef29294adc4a239a8ad7a2904ef8
SHA1

8b27f6fbd5de811b4b1e7302935dae023b4d440d
SHA256

755b9c9ed15a3d43f8da5ddd62146897091f4f0aa301917167d26f368d88a4a7
SHA512

8d08dc3148b40dd5fec5be0159720570d4e3ee1f67a93bb86443d2b7aecd1a39cb87bd06cc62d060939df3dcba030e38174e91bdcb3c7613f675ecd8d0173360
SSDEEP

12288:FWRkF0fzR56l9djNaYRvudsKnJpwK2tEYvGEtg4pUa:FWR96lAYRvWspt2a

Score

10^/10

asyncrat clean discovery rat

Malware Config

Extracted

Family

asyncrat

Version

| Edit 3LOSH RAT

Botnet

CLEAN

C2

amm.mine.nu:1339

Mutex

AsyncMutex_6SI8OkPnk

Attributes

delay
3
install
false
install_folder
%AppData%

aes.plain

Targets

- Target
  
  crvzekdg.exe
- Size
  
  606KB
- MD5
  
  c5d9ef29294adc4a239a8ad7a2904ef8
- SHA1
  
  8b27f6fbd5de811b4b1e7302935dae023b4d440d
- SHA256
  
  755b9c9ed15a3d43f8da5ddd62146897091f4f0aa301917167d26f368d88a4a7
- SHA512
  
  8d08dc3148b40dd5fec5be0159720570d4e3ee1f67a93bb86443d2b7aecd1a39cb87bd06cc62d060939df3dcba030e38174e91bdcb3c7613f675ecd8d0173360
- SSDEEP
  
  12288:FWRkF0fzR56l9djNaYRvudsKnJpwK2tEYvGEtg4pUa:FWR96lAYRvWspt2a
Score

10^/10

asyncrat clean discovery rat
- AsyncRat
  AsyncRAT is designed to remotely monitor and control other computers written in C#.
  rat asyncrat
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Drops startup file
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

asyncratcleandiscoveryrat

behavioral2

asyncratcleandiscoveryrat