asyncrat | 60a7817faaf9adb71d33fb1c95394ba2cce84e41c5a4dad443b49a0e9e0272fb | Triage

Sharing

General

Target

60a7817faaf9adb71d33fb1c95394ba2cce84e41c5a4dad443b49a0e9e0272fb
Size

7.9MB
Sample

241009-fk77yszdnj
MD5

48ecd8658fb2e447e3ad6bd434638894
SHA1

6af0910e19191d1d7dc54ee0433ace688679c47d
SHA256

60a7817faaf9adb71d33fb1c95394ba2cce84e41c5a4dad443b49a0e9e0272fb
SHA512

551f5a41bc5ac35b235b9bd7c30bdda98037d8b6a631c5e2fc4f09fd0024a6075f7e38329fe9acf0bdee82a7bcdd94f7d92914f4fbcfdbfdbab99a3f7a2e82ee
SSDEEP

196608:3giCEmN0NVEyXMCHGLLc54i1wN+yjXx5nDasqWQ2dTNUGk6ulx+iITxavM:5C0NVEyXMCHWUjKjx5WsqWxThuaT8U

Score

10^/10

asyncrat default pyinstaller rat

Malware Config

Extracted

Family

asyncrat

Version

PortHack 1.0.0

Botnet

Default

C2

113.219.237.106:80

113.219.237.106:59196

Mutex

DcRatMutex

Attributes

delay
1
install
true
install_file
Microsoft Edge.exe
install_folder
%AppData%

aes.plain

Targets

- Target
  
  60a7817faaf9adb71d33fb1c95394ba2cce84e41c5a4dad443b49a0e9e0272fb
- Size
  
  7.9MB
- MD5
  
  48ecd8658fb2e447e3ad6bd434638894
- SHA1
  
  6af0910e19191d1d7dc54ee0433ace688679c47d
- SHA256
  
  60a7817faaf9adb71d33fb1c95394ba2cce84e41c5a4dad443b49a0e9e0272fb
- SHA512
  
  551f5a41bc5ac35b235b9bd7c30bdda98037d8b6a631c5e2fc4f09fd0024a6075f7e38329fe9acf0bdee82a7bcdd94f7d92914f4fbcfdbfdbab99a3f7a2e82ee
- SSDEEP
  
  196608:3giCEmN0NVEyXMCHGLLc54i1wN+yjXx5nDasqWQ2dTNUGk6ulx+iITxavM:5C0NVEyXMCHWUjKjx5WsqWxThuaT8U
Score

10^/10

asyncrat default pyinstaller rat
- AsyncRat
  AsyncRAT is designed to remotely monitor and control other computers written in C#.
  rat asyncrat
- Async RAT payload
  rat
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Loads dropped DLL
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Scheduled Task/Job

Scheduled Task

Persistence

Scheduled Task/Job

Scheduled Task

Privilege Escalation

Scheduled Task/Job

Scheduled Task

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2

asyncratdefaultpyinstallerrat