asyncrat | 478ca90bdf1d94b880dd18c1fd1a5b6124d4e1c4b77c546df88a0aa992aeb225 | Triage

Sharing

General

Target

startup_str.bat
Size

382KB
Sample

241006-1qx96asamh
MD5

8b1f260a182f74419011f14a8ba21a37
SHA1

48d8da3f5971ebd6b358b6b63491b5e68f099a6c
SHA256

478ca90bdf1d94b880dd18c1fd1a5b6124d4e1c4b77c546df88a0aa992aeb225
SHA512

509a8b51cb3922f9be6c94029abbc4611b1ce438262abc9fef414780e97d7542d214ae42866ccaf540b52e6cfef017abfc00c891643b3b81753c9f4115ad64aa
SSDEEP

6144:UJ+xnM15AXYHvdijZhhzPrJaBuLEQ/npzItPvshlqfyef:f8udDJ5hmPvqlRy

Score

10^/10

asyncrat unam defense_evasion execution rat

Malware Config

Extracted

Family

asyncrat

Version

AsyncRAT

Botnet

unam

C2

windowsignn.theworkpc.com:6606

Mutex

AsyncMutex_5552

Attributes

delay
3
install
false
install_folder
%AppData%

aes.plain

Targets

- Target
  
  startup_str.bat
- Size
  
  382KB
- MD5
  
  8b1f260a182f74419011f14a8ba21a37
- SHA1
  
  48d8da3f5971ebd6b358b6b63491b5e68f099a6c
- SHA256
  
  478ca90bdf1d94b880dd18c1fd1a5b6124d4e1c4b77c546df88a0aa992aeb225
- SHA512
  
  509a8b51cb3922f9be6c94029abbc4611b1ce438262abc9fef414780e97d7542d214ae42866ccaf540b52e6cfef017abfc00c891643b3b81753c9f4115ad64aa
- SSDEEP
  
  6144:UJ+xnM15AXYHvdijZhhzPrJaBuLEQ/npzItPvshlqfyef:f8udDJ5hmPvqlRy
Score

10^/10

asyncrat unam defense_evasion execution rat
- AsyncRat
  AsyncRAT is designed to remotely monitor and control other computers written in C#.
  rat asyncrat
- Async RAT payload
  rat
- Command and Scripting Interpreter: PowerShell
  Run Powershell and hide display window.
  execution
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Loads dropped DLL
- Hide Artifacts: Hidden Files and Directories
  defense_evasion
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Command and Scripting Interpreter

PowerShell

Persistence

Privilege Escalation

Defense Evasion

Hide Artifacts

Hidden Files and Directories

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2

asyncratunamdefense_evasionexecutionrat