asyncrat | 4acdc95e84a15b5af10b513c1629b3fac7f398c5c44f9445934ad0d7b81ac908 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

4acdc95e84a15b5af10b513c1629b3fac7f398c5c44f9445934ad0d7b81ac908.exe
Size

32.0MB
Sample

240919-kqp1sa1akn
MD5

fb962c2aac3ebcb22bfe895c456a0d61
SHA1

0d44b7262f2656c22479bd45b2b05ef0a1364ab8
SHA256

4acdc95e84a15b5af10b513c1629b3fac7f398c5c44f9445934ad0d7b81ac908
SHA512

e75c5ae61181dccc1fc375cbffea2b4375da19d04ba6895436bf51adbcb284d64654db9272320fe1c7b10fc561c696a0e9efc8b7020123b761567822196d1423
SSDEEP

393216:h5nOYndLMIiWP/65X1Rme/o1NROh2gA/hcxVQU:7doIi/3R3/iJgyc7F

Score

10^/10

asyncrat default discovery execution persistence rat

Malware Config

Extracted

Family

asyncrat

Version

1.0.7

Botnet

Default

C2

imperiodosabor.shop:8821

Mutex

wmplayer_Corporation

Attributes

delay
1
install
false
install_file
wmplayer.exe
install_folder
%AppData%

aes.plain

Targets

- Target
  
  4acdc95e84a15b5af10b513c1629b3fac7f398c5c44f9445934ad0d7b81ac908.exe
- Size
  
  32.0MB
- MD5
  
  fb962c2aac3ebcb22bfe895c456a0d61
- SHA1
  
  0d44b7262f2656c22479bd45b2b05ef0a1364ab8
- SHA256
  
  4acdc95e84a15b5af10b513c1629b3fac7f398c5c44f9445934ad0d7b81ac908
- SHA512
  
  e75c5ae61181dccc1fc375cbffea2b4375da19d04ba6895436bf51adbcb284d64654db9272320fe1c7b10fc561c696a0e9efc8b7020123b761567822196d1423
- SSDEEP
  
  393216:h5nOYndLMIiWP/65X1Rme/o1NROh2gA/hcxVQU:7doIi/3R3/iJgyc7F
Score

10^/10

asyncrat default discovery execution persistence rat
- AsyncRat
  AsyncRAT is designed to remotely monitor and control other computers written in C#.
  rat asyncrat
- Command and Scripting Interpreter: PowerShell
  Run Powershell to modify Windows Defender settings to add exclusions for file extensions, paths, and processes.
  execution
- Executes dropped EXE
- Loads dropped DLL
- Adds Run key to start application
  persistence
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Command and Scripting Interpreter

PowerShell

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Defense Evasion

Modify Registry

Credential Access

Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

asyncratdefaultdiscoveryexecutionpersistencerat

behavioral2

asyncratdefaultdiscoveryexecutionpersistencerat