asyncrat | 586e3716114e7ad01d36785d3560c2c0ff95e79d123298a027de9a92b45a0af0 | Triage

Sharing

General

Target

586e3716114e7ad01d36785d3560c2c0ff95e79d123298a027de9a92b45a0af0
Size

3.6MB
Sample

240913-wqvf2szhmk
MD5

0be22ec6371b90546836caa3b3990dbd
SHA1

024a3e12c248cb1912bfcd6cbf0d8e5eed1e77e8
SHA256

586e3716114e7ad01d36785d3560c2c0ff95e79d123298a027de9a92b45a0af0
SHA512

ad783038ee12bd20873cc2deee410d114c30c7da11e720e79007aa9373ae0ed459759f82c8e2ebcf13548f6aac4fc2234ee89b57b35a16ec488aace87c4316a3
SSDEEP

49152:7EA9P+bz2cHPcUb6HSb4SOEMkBeH7nQckO6bAB7jdTVeLX3338x:/92bz2Eb6pd7B6bAB7+LX3332

Score

10^/10

asyncrat default discovery persistence rat

Malware Config

Extracted

Family

asyncrat

Version

1.0.7

Botnet

Default

C2

septiembre13.con-ip.com:2727

Mutex

DcRatMutex_qwqdanchun

Attributes

delay
1
install
false
install_folder
%AppData%

aes.plain

Targets

- Target
  
  586e3716114e7ad01d36785d3560c2c0ff95e79d123298a027de9a92b45a0af0
- Size
  
  3.6MB
- MD5
  
  0be22ec6371b90546836caa3b3990dbd
- SHA1
  
  024a3e12c248cb1912bfcd6cbf0d8e5eed1e77e8
- SHA256
  
  586e3716114e7ad01d36785d3560c2c0ff95e79d123298a027de9a92b45a0af0
- SHA512
  
  ad783038ee12bd20873cc2deee410d114c30c7da11e720e79007aa9373ae0ed459759f82c8e2ebcf13548f6aac4fc2234ee89b57b35a16ec488aace87c4316a3
- SSDEEP
  
  49152:7EA9P+bz2cHPcUb6HSb4SOEMkBeH7nQckO6bAB7jdTVeLX3338x:/92bz2Eb6pd7B6bAB7+LX3332
Score

10^/10

asyncrat default discovery persistence rat
- AsyncRat
  AsyncRAT is designed to remotely monitor and control other computers written in C#.
  rat asyncrat
- Adds Run key to start application
  persistence
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Defense Evasion

Modify Registry

Credential Access

Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

asyncratdefaultdiscoverypersistencerat

behavioral2

asyncratdefaultdiscoverypersistencerat