asyncrat | 79512c2ddc11fb9d9f95f7e6fbacbb91db53362ce6799cf89d870683e63f4605 | Triage

Sharing

General

Target

79512c2ddc11fb9d9f95f7e6fbacbb91db53362ce6799cf89d870683e63f4605
Size

1.6MB
Sample

241007-z2w1sstepn
MD5

decc91c25ed4e101cc014b9a934dc5a3
SHA1

e4a43704cd1a6fbdd2891731cc05c77e4eb50713
SHA256

79512c2ddc11fb9d9f95f7e6fbacbb91db53362ce6799cf89d870683e63f4605
SHA512

98fad9a17c308e7a863adde27d9fee06f85c57b8ccdff0c733214b260b42a192e99aadc0a6a19b08a2154db18f109ec6c7b078ef3dc710ba12bf44c3b7a3ca9b
SSDEEP

49152:m+6V1P6ugIMyBXQ6dlBmFL9QfuD2XaK0Gb7D:e76ugIxBXpBmbn2XaK0oD

Score

10^/10

asyncrat discovery persistence rat

Malware Config

Targets

- Target
  
  79512c2ddc11fb9d9f95f7e6fbacbb91db53362ce6799cf89d870683e63f4605
- Size
  
  1.6MB
- MD5
  
  decc91c25ed4e101cc014b9a934dc5a3
- SHA1
  
  e4a43704cd1a6fbdd2891731cc05c77e4eb50713
- SHA256
  
  79512c2ddc11fb9d9f95f7e6fbacbb91db53362ce6799cf89d870683e63f4605
- SHA512
  
  98fad9a17c308e7a863adde27d9fee06f85c57b8ccdff0c733214b260b42a192e99aadc0a6a19b08a2154db18f109ec6c7b078ef3dc710ba12bf44c3b7a3ca9b
- SSDEEP
  
  49152:m+6V1P6ugIMyBXQ6dlBmFL9QfuD2XaK0Gb7D:e76ugIxBXpBmbn2XaK0oD
Score

10^/10

asyncrat discovery persistence rat
- AsyncRat
  AsyncRAT is designed to remotely monitor and control other computers written in C#.
  rat asyncrat
- Adds Run key to start application
  persistence
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Defense Evasion

Modify Registry

Credential Access

Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

asyncratdiscoverypersistencerat

behavioral2

asyncratdiscoverypersistencerat