asyncrat | 526ea33289356c0ed440ed74337e50e4fc6ce2dae41032cacd5e2a8228d657ed | Triage

Sharing

Copy URL Twitter E-mail

General

Target

526ea33289356c0ed440ed74337e50e4fc6ce2dae41032cacd5e2a8228d657ed
Size

10.0MB
Sample

240829-g2egmszbkj
MD5

98a06726419d6f57c0d9b0835522d920
SHA1

cf0ec3810ef0f1e79d25b8e28ab04595ca7371dd
SHA256

526ea33289356c0ed440ed74337e50e4fc6ce2dae41032cacd5e2a8228d657ed
SHA512

a81d839cbb6614013f1e49b5430a4bde6369599f3545272877ee574b49975d37dbe7bb6ad893c4a91ed5bfce684454dcbda145b63fdea5d9e4379bba0196ea18
SSDEEP

24576:LgavIUE8hYhJBZVrqMg/ngUsx6Er3v7Wm0DbxwLxvPjqT9Q0X7xxErhccu:LLvzhY3RrqMgoUkr3v7WvDbY1YQw2F

Score

10^/10

asyncrat 0000028-ago discovery persistence rat

Malware Config

Extracted

Family

asyncrat

Version

1.0.7

Botnet

0000028-AGO

C2

rolandgarros.dynuddns.net:22207

Mutex

DcRatMutex_qwqdanchun

Attributes

delay
1
install
false
install_folder
%AppData%

aes.plain

Targets

- Target
  
  526ea33289356c0ed440ed74337e50e4fc6ce2dae41032cacd5e2a8228d657ed
- Size
  
  10.0MB
- MD5
  
  98a06726419d6f57c0d9b0835522d920
- SHA1
  
  cf0ec3810ef0f1e79d25b8e28ab04595ca7371dd
- SHA256
  
  526ea33289356c0ed440ed74337e50e4fc6ce2dae41032cacd5e2a8228d657ed
- SHA512
  
  a81d839cbb6614013f1e49b5430a4bde6369599f3545272877ee574b49975d37dbe7bb6ad893c4a91ed5bfce684454dcbda145b63fdea5d9e4379bba0196ea18
- SSDEEP
  
  24576:LgavIUE8hYhJBZVrqMg/ngUsx6Er3v7Wm0DbxwLxvPjqT9Q0X7xxErhccu:LLvzhY3RrqMgoUkr3v7WvDbY1YQw2F
Score

10^/10

asyncrat 0000028-ago discovery persistence rat
- AsyncRat
  AsyncRAT is designed to remotely monitor and control other computers written in C#.
  rat asyncrat
- Adds Run key to start application
  persistence
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Defense Evasion

Modify Registry

Credential Access

Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

asyncrat0000028-agodiscoverypersistencerat

behavioral2

asyncrat0000028-agodiscoverypersistencerat