asyncrat | 08d86feee2707af5c57b4ffa8663c0e447c7425c39a103906cf15eae7cf1df9d | Triage

Sharing

General

Target

SecuriteInfo.com.Win32.MalwareX-gen.15686.13544.exe
Size

617KB
Sample

241001-cszzrszgjb
MD5

efab5b5f812d86463330da19684fd844
SHA1

a0b6bac84f4de1b67c41f6341becb3dc2626db6b
SHA256

08d86feee2707af5c57b4ffa8663c0e447c7425c39a103906cf15eae7cf1df9d
SHA512

519f70b3d728ded49ec8bd8e51be4f33a927b3bd8fe6b497352da01db90004e1f42835a279ec81820423a76cc6bec173ac6dbd30739c30f59fb944d75f84fe84
SSDEEP

6144:hnyPsDRaXbsXEWqoQ232cl+ZAi/Q4EyJHNtp1oMTjBEDFOq68Md0E+ah73obmbz/:L3TmyiQgJH5+u2FOqRfSDOraw5vqJP

Score

10^/10

asyncrat default discovery execution rat

Malware Config

Extracted

Family

asyncrat

Version

0.5.8

Botnet

Default

C2

127.0.0.1:6606

127.0.0.1:7707

127.0.0.1:8808

127.0.0.1:443

39826:6606

39826:7707

39826:8808

39826:443

Mutex

vf5IYW8jkBzn

Attributes

delay
3
install
true
install_file
AdobeServer.exe
install_folder
%Temp%

aes.plain

Targets

- Target
  
  SecuriteInfo.com.Win32.MalwareX-gen.15686.13544.exe
- Size
  
  617KB
- MD5
  
  efab5b5f812d86463330da19684fd844
- SHA1
  
  a0b6bac84f4de1b67c41f6341becb3dc2626db6b
- SHA256
  
  08d86feee2707af5c57b4ffa8663c0e447c7425c39a103906cf15eae7cf1df9d
- SHA512
  
  519f70b3d728ded49ec8bd8e51be4f33a927b3bd8fe6b497352da01db90004e1f42835a279ec81820423a76cc6bec173ac6dbd30739c30f59fb944d75f84fe84
- SSDEEP
  
  6144:hnyPsDRaXbsXEWqoQ232cl+ZAi/Q4EyJHNtp1oMTjBEDFOq68Md0E+ah73obmbz/:L3TmyiQgJH5+u2FOqRfSDOraw5vqJP
Score

10^/10

asyncrat default discovery execution rat
- AsyncRat
  AsyncRAT is designed to remotely monitor and control other computers written in C#.
  rat asyncrat
- Command and Scripting Interpreter: PowerShell
  Run Powershell to modify Windows Defender settings to add exclusions for file extensions, paths, and processes.
  execution
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Command and Scripting Interpreter

PowerShell

Scheduled Task/Job

Scheduled Task

Persistence

Scheduled Task/Job

Scheduled Task

Privilege Escalation

Scheduled Task/Job

Scheduled Task

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

asyncratdefaultdiscoveryexecutionrat

behavioral2

asyncratdefaultdiscoveryexecutionrat