asyncrat | c7cf7947dbe18edfa61474e0cbf78b19a427d040047880b24b2493dad296e243 | Triage

Sharing

General

Target

d53fc47751fa8ad0b613c489aa779bda.bin
Size

521KB
Sample

240818-cbnkeasbmr
MD5

74a42ec59d2d581d26e54ca106c45412
SHA1

ef9d303b6db0b5ea12d769211802fc32b072bede
SHA256

c7cf7947dbe18edfa61474e0cbf78b19a427d040047880b24b2493dad296e243
SHA512

7fddfee69ee65420f4aa66fd7b481ba971b15b623d6090ebdea830d0edae48070200cea03c1792b6ee0938a00ae67c372aaa7c4f6d03a6f6f0300f480645e1fd
SSDEEP

12288:ppYeD/Wo1w7uWk/Kt/ZCMT4qPZx5OZVrkUuKwU0g7woJjc:vYe6o1w7u5GRX8qRzwAxUjvJA

Score

10^/10

asyncrat reed discovery rat

Malware Config

Extracted

Family

asyncrat

Version

0.5.8

Botnet

REED

C2

bmh-global.myfirewall.org:15153

Mutex

2bL4M7bieVyn

Attributes

delay
10
install
true
install_file
windows manger.exe
install_folder
%Temp%

aes.plain

Targets

- Target
  
  2328201990de5c77c0353c61e628c68a01aaef1d4566ef9816a1f0333562c5ea.exe
- Size
  
  589KB
- MD5
  
  d53fc47751fa8ad0b613c489aa779bda
- SHA1
  
  ec14fabb10b9aa9f05344c03802294e114bb2af1
- SHA256
  
  2328201990de5c77c0353c61e628c68a01aaef1d4566ef9816a1f0333562c5ea
- SHA512
  
  b6441aeff786d23401267f23960410614a2686e3d10b6f58c5e9042d7c2f48a4975383f2ec05cfc801faa39a3bbb6bb58161b5ec248252c89ab9bf6ef382e326
- SSDEEP
  
  12288:ToQyRAMIgF72A0ybuxRN750J4iWoM7+EgLHpP3V5Ua:uHIgF7Wybexo4iWoM7oHpP3TR
Score

10^/10

asyncrat reed discovery rat
- AsyncRat
  AsyncRAT is designed to remotely monitor and control other computers written in C#.
  rat asyncrat
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Scheduled Task/Job

Scheduled Task

Persistence

Scheduled Task/Job

Scheduled Task

Privilege Escalation

Scheduled Task/Job

Scheduled Task

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

asyncratreeddiscoveryrat

behavioral2

asyncratreeddiscoveryrat