asyncrat | cc4dde06185d6ee70b8f88bf8ff2ddbfd4635fd6f8fdb62516cf6e19f4235b3e | Triage

Resubmissions

02/09/2024, 10:46

240902-mt1b2azanc 10

02/09/2024, 10:42

240902-mr1j1szajg 10

Sharing

Copy URL Twitter E-mail

General

Target

bogaziciuygulamam.exe
Size

96KB
Sample

240902-mt1b2azanc
MD5

dbc181309bdc8abdd3c082e8ad9cd081
SHA1

ae49fb0c23014468b0fb98b7be9a91557bef9b69
SHA256

cc4dde06185d6ee70b8f88bf8ff2ddbfd4635fd6f8fdb62516cf6e19f4235b3e
SHA512

8a121777cc4eab65626fd0d6673498360996662379f604528133bdfd49cb4e1cd4a6d9e9538cf69440026b90565c6a5ace95793848d371608e555cd2cbfca73b
SSDEEP

1536:3uMZ1TDlsPF/28eJIrJAUXb0uowBvQHnkdplm8Cx:3uM/ThsPF/28drJAUXbhLNQHnkzCx

Score

10^/10

asyncrat campain discovery rat

Malware Config

Extracted

Family

asyncrat

Version

0.5.7B

Botnet

campain

C2

127.0.0.1:6606

127.0.0.1:7707

127.0.0.1:8808

127.0.0.1:3636

91.92.247.224:6606

91.92.247.224:7707

91.92.247.224:8808

91.92.247.224:3636

Mutex

AsyncMutex_6SI8OkPnk

Attributes

delay
3
install
true
install_file
ckbogazici.exe
install_folder
%AppData%

aes.plain

Targets

- Target
  
  bogaziciuygulamam.exe
- Size
  
  96KB
- MD5
  
  dbc181309bdc8abdd3c082e8ad9cd081
- SHA1
  
  ae49fb0c23014468b0fb98b7be9a91557bef9b69
- SHA256
  
  cc4dde06185d6ee70b8f88bf8ff2ddbfd4635fd6f8fdb62516cf6e19f4235b3e
- SHA512
  
  8a121777cc4eab65626fd0d6673498360996662379f604528133bdfd49cb4e1cd4a6d9e9538cf69440026b90565c6a5ace95793848d371608e555cd2cbfca73b
- SSDEEP
  
  1536:3uMZ1TDlsPF/28eJIrJAUXb0uowBvQHnkdplm8Cx:3uM/ThsPF/28drJAUXbhLNQHnkzCx
Score

10^/10

asyncrat campain discovery rat
- AsyncRat
  AsyncRAT is designed to remotely monitor and control other computers written in C#.
  rat asyncrat
- Async RAT payload
  rat
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
behavioral1

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Scheduled Task/Job

Scheduled Task

Persistence

Scheduled Task/Job

Scheduled Task

Privilege Escalation

Scheduled Task/Job

Scheduled Task

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

ratcampainasyncrat

behavioral1

asyncratcampaindiscoveryrat