asyncrat | 666f8ba7a9704f98ae74481fab1ce77c3256bad31d22206c5cdf9cb1009c4b2e | Triage

Sharing

General

Target

666f8ba7a9704f98ae74481fab1ce77c3256bad31d22206c5cdf9cb1009c4b2e
Size

2.3MB
Sample

240930-xvdvja1bkq
MD5

53eeec74113b8e3c39c8a2c01c934f79
SHA1

103bf2ae55ac91c9b6104cc566310c713f188588
SHA256

666f8ba7a9704f98ae74481fab1ce77c3256bad31d22206c5cdf9cb1009c4b2e
SHA512

3fe71d1241adeca2ce78ac544985c7f3169484362a38a98f8a9d076ea60bb22afea4a4dfbc4b22eaf0b2831dc308a1e5b6cad9b6dba1d32a52187dd7a9354711
SSDEEP

24576:fM5SKEGHHwP1mBV/pU2kXZVpQmL0Sd7PJx9KH6+vWlYIEb1KXrNKoH8g:Xh

Score

10^/10

asyncrat discovery persistence rat

Malware Config

Targets

- Target
  
  666f8ba7a9704f98ae74481fab1ce77c3256bad31d22206c5cdf9cb1009c4b2e
- Size
  
  2.3MB
- MD5
  
  53eeec74113b8e3c39c8a2c01c934f79
- SHA1
  
  103bf2ae55ac91c9b6104cc566310c713f188588
- SHA256
  
  666f8ba7a9704f98ae74481fab1ce77c3256bad31d22206c5cdf9cb1009c4b2e
- SHA512
  
  3fe71d1241adeca2ce78ac544985c7f3169484362a38a98f8a9d076ea60bb22afea4a4dfbc4b22eaf0b2831dc308a1e5b6cad9b6dba1d32a52187dd7a9354711
- SSDEEP
  
  24576:fM5SKEGHHwP1mBV/pU2kXZVpQmL0Sd7PJx9KH6+vWlYIEb1KXrNKoH8g:Xh
Score

10^/10

asyncrat discovery persistence rat
- AsyncRat
  AsyncRAT is designed to remotely monitor and control other computers written in C#.
  rat asyncrat
- Adds Run key to start application
  persistence
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Defense Evasion

Modify Registry

Credential Access

Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

asyncratdiscoverypersistencerat

behavioral2

asyncratdiscoverypersistencerat