asyncrat | 3daacb3f869e6a293c943fe782d480129c831c6aeeca408e17dd7ba5255e3983 | Triage

Sharing

General

Target

First.exe
Size

21KB
Sample

240928-fgq49sxgpn
MD5

c1d6e0a7cb5f59781fe6fb8e28b9c3e6
SHA1

ea12f2eb7216851d488b694c3ed72040e236b67c
SHA256

3daacb3f869e6a293c943fe782d480129c831c6aeeca408e17dd7ba5255e3983
SHA512

fb8d04c043077b9908baf5913356c55c91944d0c452ece8716327f996b504fa7cd9d6104668069055c6b8285b1df2af5892f18c8e59c11cb4b9fc74e7d5d54a2
SSDEEP

384:IDRQmNZSqPDyqXVQmXNQltXpQyXlQx/uoOQtGQmXE9RrA5SX7jd2Szli5lG7NqPa:Za32tzclrVLjdbi5lGMVA3g

Score

10^/10

asyncrat default discovery evasion rat trojan

Malware Config

Extracted

Family

asyncrat

Version

0.5.8

Botnet

Default

C2

127.0.0.1:7777

45.137.198.159:7777

Mutex

pgUcrHSbq2HY

Attributes

delay
3
install
true
install_file
123987.exe
install_folder
%AppData%

aes.plain

Targets

- Target
  
  First.exe
- Size
  
  21KB
- MD5
  
  c1d6e0a7cb5f59781fe6fb8e28b9c3e6
- SHA1
  
  ea12f2eb7216851d488b694c3ed72040e236b67c
- SHA256
  
  3daacb3f869e6a293c943fe782d480129c831c6aeeca408e17dd7ba5255e3983
- SHA512
  
  fb8d04c043077b9908baf5913356c55c91944d0c452ece8716327f996b504fa7cd9d6104668069055c6b8285b1df2af5892f18c8e59c11cb4b9fc74e7d5d54a2
- SSDEEP
  
  384:IDRQmNZSqPDyqXVQmXNQltXpQyXlQx/uoOQtGQmXE9RrA5SX7jd2Szli5lG7NqPa:Za32tzclrVLjdbi5lGMVA3g
Score

10^/10

asyncrat default discovery evasion rat trojan
- AsyncRat
  AsyncRAT is designed to remotely monitor and control other computers written in C#.
  rat asyncrat
- Modifies Windows Defender Real-time Protection settings
  evasion trojan
- Async RAT payload
  rat
- Disables Task Manager via registry modification
  evasion
- Downloads MZ/PE file
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Loads dropped DLL
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Scheduled Task/Job

Scheduled Task

Persistence

Create or Modify System Process

Windows Service

Scheduled Task/Job

Scheduled Task

Privilege Escalation

Create or Modify System Process

Windows Service

Scheduled Task/Job

Scheduled Task

Defense Evasion

Impair Defenses

Disable or Modify Tools

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

asyncratdefaultdiscoveryevasionrattrojan

behavioral2

asyncratdefaultdiscoveryevasionrattrojan