asyncrat

General

Target

8254f85ef0146f11e0071b9048ec3fdedc3113fbe2f40a7b6f9acc62cdfe56a6
Size

9.0MB
Sample

240919-yldnvaxglp
MD5

770e86de8a842438158eb5df1839ff84
SHA1

eec33c6b88cd140973e60d7b99bb5c93daa07e7c
SHA256

8254f85ef0146f11e0071b9048ec3fdedc3113fbe2f40a7b6f9acc62cdfe56a6
SHA512

be8371146d32a01a17366faf8e3eb8f90966b352e06954bafc061b55a1909637d189d91492068d81a971b8059ae8b83bd3c67b9230e2d9a8c515af29c8d3a0d6
SSDEEP

196608:LtsxbAQvatwq+ZkiKDIKx0vGkNWehyzGVzzePCw29uWZeEn2o2Lz9QhS0:+xvaaq+ZkFVx0OhayzWX6JjlE2lLhQE

Score

10^/10

Malware Config

Extracted

Family

cobaltstrike

C2

http://192.168.158.128:80/jquery-3.3.2.slim.min.js

Attributes

user_agent
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8 Accept-Language: en-US,en;q=0.5 Referer: http://code.jquery.com/ Accept-Encoding: gzip, deflate User-Agent: Mozilla/5.0 (Windows NT 6.3; Trident/7.0; rv:11.0) like Gecko

Extracted

Family

asyncrat

Botnet

Default

C2

143.92.57.11:2048

Mutex

DcRatMutex_qwqdanchun

Attributes

delay
1
install
false
install_folder
%AppData%

aes.plain

Targets

- Target
  
  8254f85ef0146f11e0071b9048ec3fdedc3113fbe2f40a7b6f9acc62cdfe56a6
- Size
  
  9.0MB
- MD5
  
  770e86de8a842438158eb5df1839ff84
- SHA1
  
  eec33c6b88cd140973e60d7b99bb5c93daa07e7c
- SHA256
  
  8254f85ef0146f11e0071b9048ec3fdedc3113fbe2f40a7b6f9acc62cdfe56a6
- SHA512
  
  be8371146d32a01a17366faf8e3eb8f90966b352e06954bafc061b55a1909637d189d91492068d81a971b8059ae8b83bd3c67b9230e2d9a8c515af29c8d3a0d6
- SSDEEP
  
  196608:LtsxbAQvatwq+ZkiKDIKx0vGkNWehyzGVzzePCw29uWZeEn2o2Lz9QhS0:+xvaaq+ZkFVx0OhayzWX6JjlE2lLhQE
Score

10^/10

asyncrat cobaltstrike default backdoor discovery rat trojan
- AsyncRat
  AsyncRAT is designed to remotely monitor and control other computers written in C#.
  rat asyncrat
- Cobaltstrike
  Detected malicious payload which is part of Cobaltstrike.
  trojan backdoor cobaltstrike
- Async RAT payload
  rat
- Executes dropped EXE
- Loads dropped DLL
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

1

T1012

System Location Discovery

1

T1614

System Language Discovery

1

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

Sharing

General

Malware Config

Extracted

Extracted

Targets

Cobaltstrike

Async RAT payload

Executes dropped EXE

Loads dropped DLL

MITRE ATT&CK Enterprise v15

Tasks

static1

behavioral1

behavioral2