asyncrat | a198dce2dbfe7110ccf2079a14d13645a6228bc7927d74fd3266f32e7b2da4f7 | Triage

Sharing

General

Target

bootstrap.exe
Size

45KB
Sample

240820-31fh7stenq
MD5

df16b88dd944d75a59c53a759ad6cbfa
SHA1

64f1d48f096b3b9c505a53fdfb0068c821835030
SHA256

a198dce2dbfe7110ccf2079a14d13645a6228bc7927d74fd3266f32e7b2da4f7
SHA512

9909cc8cabb8a4855b126211eabc126eef7e8bc64e97bb6ac5b56bf866df644480918430c81b83afff9a4386a17bed3245ae6b1857e293d18cdebca323968127
SSDEEP

768:puLb+TwQhclWUlNzWmo2qD3MREVSrWOPI6zjbugXRicEQTP4MBDZ6x:puLb+Twip2SMiUi363bRXAcjb4Kd6x

Score

10^/10

asyncrat default discovery rat

Malware Config

Extracted

Family

asyncrat

Version

0.5.8

Botnet

Default

C2

127.0.0.1:6606

127.0.0.1:7707

127.0.0.1:8808

Mutex

vBItBvMTrx8n

Attributes

delay
3
install
true
install_file
cached_files.exe
install_folder
%Temp%

aes.plain

Targets

- Target
  
  bootstrap.exe
- Size
  
  45KB
- MD5
  
  df16b88dd944d75a59c53a759ad6cbfa
- SHA1
  
  64f1d48f096b3b9c505a53fdfb0068c821835030
- SHA256
  
  a198dce2dbfe7110ccf2079a14d13645a6228bc7927d74fd3266f32e7b2da4f7
- SHA512
  
  9909cc8cabb8a4855b126211eabc126eef7e8bc64e97bb6ac5b56bf866df644480918430c81b83afff9a4386a17bed3245ae6b1857e293d18cdebca323968127
- SSDEEP
  
  768:puLb+TwQhclWUlNzWmo2qD3MREVSrWOPI6zjbugXRicEQTP4MBDZ6x:puLb+Twip2SMiUi363bRXAcjb4Kd6x
Score

10^/10

asyncrat default discovery rat
- AsyncRat
  AsyncRAT is designed to remotely monitor and control other computers written in C#.
  rat asyncrat
- Async RAT payload
  rat
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Loads dropped DLL
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Scheduled Task/Job

Scheduled Task

Persistence

Scheduled Task/Job

Scheduled Task

Privilege Escalation

Scheduled Task/Job

Scheduled Task

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

ratdefaultasyncrat

behavioral1

asyncratdefaultdiscoveryrat

behavioral2

asyncratdefaultdiscoveryrat