asyncrat | bd82518001b0e98e87bee5331d017872e5a2bafe549811d4953c145d5809e656 | Triage

Sharing

General

Target

Bender Logger V1.5 (still in beta).exe
Size

47KB
Sample

240814-1ce7eszhqk
MD5

474f9807fa8bd9492fe2df927c22f8b8
SHA1

6c152c84e860d3e3fda3d42bd930eab9221d2960
SHA256

bd82518001b0e98e87bee5331d017872e5a2bafe549811d4953c145d5809e656
SHA512

a192c33482eb78552dac6e63d3a7888091a455b4c851fc3c6b6315ac4ffc1e14eb3de8e32784aa1d9ed23e324aff57e145b336e8627b4fd5dbd586246d312b7e
SSDEEP

768:quSgNT3ol7xWUpe+7mo2qLTrp5npecYgCPIXK5I0bIPrnnKshevEKwrDnsAs62tO:quSgNT3K52KjnpecrLXabqrnKtj2jxSM

Score

10^/10

asyncrat default discovery rat

Malware Config

Extracted

Family

asyncrat

Version

0.5.7B

Botnet

Default

C2

0.tcp.eu.ngrok.io:8080

0.tcp.eu.ngrok.io:13424

Mutex

AsyncMutex_6SI8OkPnkasa

Attributes

delay
3
install
true
install_file
win.exe
install_folder
%AppData%

aes.plain

Targets

- Target
  
  Bender Logger V1.5 (still in beta).exe
- Size
  
  47KB
- MD5
  
  474f9807fa8bd9492fe2df927c22f8b8
- SHA1
  
  6c152c84e860d3e3fda3d42bd930eab9221d2960
- SHA256
  
  bd82518001b0e98e87bee5331d017872e5a2bafe549811d4953c145d5809e656
- SHA512
  
  a192c33482eb78552dac6e63d3a7888091a455b4c851fc3c6b6315ac4ffc1e14eb3de8e32784aa1d9ed23e324aff57e145b336e8627b4fd5dbd586246d312b7e
- SSDEEP
  
  768:quSgNT3ol7xWUpe+7mo2qLTrp5npecYgCPIXK5I0bIPrnnKshevEKwrDnsAs62tO:quSgNT3K52KjnpecrLXabqrnKtj2jxSM
Score

10^/10

asyncrat default discovery rat
- AsyncRat
  AsyncRAT is designed to remotely monitor and control other computers written in C#.
  rat asyncrat
- Async RAT payload
  rat
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Loads dropped DLL
- Legitimate hosting services abused for malware hosting/C2
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Scheduled Task/Job

Scheduled Task

Persistence

Scheduled Task/Job

Scheduled Task

Privilege Escalation

Scheduled Task/Job

Scheduled Task

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Web Service

Exfiltration

Impact

Tasks

static1

ratdefaultasyncrat

behavioral1

asyncratdefaultdiscoveryrat

behavioral2

asyncratdefaultdiscoveryrat