asyncrat | 35e4cca77e38bd9beaf4a33c97a6f2464ca5ff63bbcf59831bd829b4683fda3c | Triage

Resubmissions

24-08-2024 19:10

240824-xvmgnsvarc 10

24-08-2024 18:56

240824-xlh3wstfpb 4

23-08-2024 11:21

240823-nf4mza1bqc 4

23-08-2024 11:13

240823-nbkz3azhrc 10

23-08-2024 11:10

240823-m9qsjashrq 4

22-08-2024 07:12

240822-h1kgyaxfpj 1

22-08-2024 07:06

240822-hxesaaxenm 10

22-08-2024 07:00

240822-hs54nsxdln 10

22-08-2024 06:36

240822-hc93patara 8

22-08-2024 06:32

240822-ha293awfnl 1

Sharing

General

Target

http45.151.62.96setup.exe.txt
Size

29B
Sample

240822-hxesaaxenm
MD5

688fe12c2f39d3d739a04e6c89b1b22f
SHA1

e2ea25ad47861e77b912026839666d3a99f5c90b
SHA256

35e4cca77e38bd9beaf4a33c97a6f2464ca5ff63bbcf59831bd829b4683fda3c
SHA512

f56694118d4adee2e0c65fb28c3ef86bc5db032656e2306e02e0f5b19706e260f0505ee97f5068d07ae5149a410a15eccd3ebc758d216a5549d7dc0de52834ac

Score

10^/10

asyncrat default execution rat

Malware Config

Extracted

Language

ps1

Deobfuscated

URLs

exe.dropper

http://20.199.84.103/Client.exe

Extracted

Family

asyncrat

Version

1.0.7

Botnet

Default

C2

127.0.0.1:1024

20.199.84.103:1024

Mutex

DcRatMutex_qwqdanchun

Attributes

delay
1
install
false
install_folder
%AppData%

aes.plain

Targets

- Target
  
  http45.151.62.96setup.exe.txt
- Size
  
  29B
- MD5
  
  688fe12c2f39d3d739a04e6c89b1b22f
- SHA1
  
  e2ea25ad47861e77b912026839666d3a99f5c90b
- SHA256
  
  35e4cca77e38bd9beaf4a33c97a6f2464ca5ff63bbcf59831bd829b4683fda3c
- SHA512
  
  f56694118d4adee2e0c65fb28c3ef86bc5db032656e2306e02e0f5b19706e260f0505ee97f5068d07ae5149a410a15eccd3ebc758d216a5549d7dc0de52834ac
Score

10^/10

asyncrat default execution rat
- AsyncRat
  AsyncRAT is designed to remotely monitor and control other computers written in C#.
  rat asyncrat
- Async RAT payload
  rat
- Blocklisted process makes network request
- Command and Scripting Interpreter: PowerShell
  Run Powershell and hide display window.
  execution
- Downloads MZ/PE file
- Executes dropped EXE
behavioral1

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Command and Scripting Interpreter

PowerShell

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

Query Registry

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

asyncratdefaultexecutionrat