asyncrat | bf3bb84cd01c19a5e1a00c9cf975ad8e5dcee257c43087768760a317b7dca2c3 | Triage

Sharing

General

Target

bf3bb84cd01c19a5e1a00c9cf975ad8e5dcee257c43087768760a317b7dca2c3
Size

9.7MB
Sample

240813-aeck7sydmm
MD5

b0dc9d6835d6f7709491abf442fd72f5
SHA1

e9a3be12a05c077ceaf1adc4f58f9e76863e9e63
SHA256

bf3bb84cd01c19a5e1a00c9cf975ad8e5dcee257c43087768760a317b7dca2c3
SHA512

87ba3a6a79644f7c224c558594c5d3bc5a60878b006b06fec019d4bc66ee3542e24ce6b3e1e4f17b4c9c8858d5612384bc4cbadc84f2258f37970db60628977b
SSDEEP

196608:OPbB2M/X7E2/swFyCBMoM2j+tOnXYOu/4Djxp:Y2M/XY4swFBBMGytOnG/4D1p

Score

10^/10

asyncrat default defense_evasion discovery persistence rat

Malware Config

Extracted

Family

asyncrat

Version

0.5.8

Botnet

Default

C2

95.211.208.153:6606

95.211.208.153:7707

95.211.208.153:8808

5512.sytes.net:6606

5512.sytes.net:7707

5512.sytes.net:8808

Mutex

Llg9a02PERRO

Attributes

delay
3
install
false
install_folder
%AppData%

aes.plain

Targets

- Target
  
  bf3bb84cd01c19a5e1a00c9cf975ad8e5dcee257c43087768760a317b7dca2c3
- Size
  
  9.7MB
- MD5
  
  b0dc9d6835d6f7709491abf442fd72f5
- SHA1
  
  e9a3be12a05c077ceaf1adc4f58f9e76863e9e63
- SHA256
  
  bf3bb84cd01c19a5e1a00c9cf975ad8e5dcee257c43087768760a317b7dca2c3
- SHA512
  
  87ba3a6a79644f7c224c558594c5d3bc5a60878b006b06fec019d4bc66ee3542e24ce6b3e1e4f17b4c9c8858d5612384bc4cbadc84f2258f37970db60628977b
- SSDEEP
  
  196608:OPbB2M/X7E2/swFyCBMoM2j+tOnXYOu/4Djxp:Y2M/XY4swFBBMGytOnG/4D1p
Score

10^/10

asyncrat default defense_evasion discovery persistence rat
- AsyncRat
  AsyncRAT is designed to remotely monitor and control other computers written in C#.
  rat asyncrat
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Loads dropped DLL
- Adds Run key to start application
  persistence
- Obfuscated Files or Information: Command Obfuscation
  Adversaries may obfuscate content during command execution to impede detection.
  defense_evasion
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Defense Evasion

Modify Registry

Obfuscated Files or Information

Command Obfuscation

Subvert Trust Controls

Install Root Certificate

Credential Access

Discovery

Query Registry

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

asyncratdefaultdefense_evasiondiscoverypersistencerat

behavioral2

asyncratdefaultdefense_evasiondiscoverypersistencerat