asyncrat | a81247dc7f17c060fd6b4a9b4610f43a091c03ad29d2fa1ca33123f24b94a9f6 | Triage

Sharing

General

Target

CeleryPaid.exe
Size

84KB
Sample

240812-2a6f9stfmj
MD5

d8ddfe689db5aa55038f2a6901bc4129
SHA1

1aa8014aa025d9c664607d8dc382ff519e8f3597
SHA256

a81247dc7f17c060fd6b4a9b4610f43a091c03ad29d2fa1ca33123f24b94a9f6
SHA512

c5e949107c6dd6715f8a53dbdcadd655f122d1e707a091a4eed949bae9a0d14d1fbb4ae29905ab45315a5bd707dc1225fafccb3b0d5cef98859b38ffcfd306bc
SSDEEP

1536:7uUTVTwA4M2a6jK8rICGOMbCFNiLQPJPUGdRPkZb48nZYc6fFyo+O13y0FT4DRuT:7uURTwA4M2ZjK8rICzMbCF/ZUGMbpmco

Score

10^/10

asyncrat default discovery rat

Malware Config

Extracted

Family

asyncrat

Version

0.5.8

Botnet

Default

C2

193.161.193.99:6606

193.161.193.99:7707

193.161.193.99:8808

193.161.193.99:8000

193.161.193.99:1194

193.161.193.99:39886

193.161.193.99:41111

Mutex

4t5F44SITrns

Attributes

delay
3
install
true
install_file
CeleryPaid.exe
install_folder
%AppData%

aes.plain

Targets

- Target
  
  CeleryPaid.exe
- Size
  
  84KB
- MD5
  
  d8ddfe689db5aa55038f2a6901bc4129
- SHA1
  
  1aa8014aa025d9c664607d8dc382ff519e8f3597
- SHA256
  
  a81247dc7f17c060fd6b4a9b4610f43a091c03ad29d2fa1ca33123f24b94a9f6
- SHA512
  
  c5e949107c6dd6715f8a53dbdcadd655f122d1e707a091a4eed949bae9a0d14d1fbb4ae29905ab45315a5bd707dc1225fafccb3b0d5cef98859b38ffcfd306bc
- SSDEEP
  
  1536:7uUTVTwA4M2a6jK8rICGOMbCFNiLQPJPUGdRPkZb48nZYc6fFyo+O13y0FT4DRuT:7uURTwA4M2ZjK8rICzMbCF/ZUGMbpmco
Score

10^/10

asyncrat default discovery rat
- AsyncRat
  AsyncRAT is designed to remotely monitor and control other computers written in C#.
  rat asyncrat
- Async RAT payload
  rat
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
behavioral1

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Scheduled Task/Job

Scheduled Task

Persistence

Scheduled Task/Job

Scheduled Task

Privilege Escalation

Scheduled Task/Job

Scheduled Task

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

ratdefaultasyncrat

behavioral1

asyncratdefaultdiscoveryrat