asyncrat | ccea7af19365b950a3f04f3867bb463cc2ac2343d449ec5b0807009c29ace47b | Triage

Sharing

General

Target

ccea7af19365b950a3f04f3867bb463cc2ac2343d449ec5b0807009c29ace47b.exe
Size

258KB
Sample

241009-pllvsayeqd
MD5

46bb734c47fd5bd04999e5854a4d3c6e
SHA1

6dc503c57bd9dbd7dde00e969d6f325e6b51febf
SHA256

ccea7af19365b950a3f04f3867bb463cc2ac2343d449ec5b0807009c29ace47b
SHA512

90b16e51825d7d5311f21d2d6792add4f4bd090c3c39f2671550375f3a86f48ac56ce5b098e70d3f3d3034f929bb69a7a94ac8991c442a09e786fa378b0a3381
SSDEEP

3072:+5anOtzyzmT53JiWYTxPdWnpsKtEhHQcx4sLSs99EIzpvf2iFgC79+tMQbI:+5UOkz4YpAOpusOq9EINeEgC79+ttI

Score

10^/10

asyncrat default discovery rat

Malware Config

Extracted

Family

asyncrat

Version

0.5.7B

Botnet

Default

C2

154.216.17.207:7707

154.216.17.207:8808

154.216.17.207:1188

Mutex

AsyncMutex_6SI8OkPnk

Attributes

delay
100
install
true
install_file
file.exe
install_folder
%AppData%

aes.plain

Targets

- Target
  
  ccea7af19365b950a3f04f3867bb463cc2ac2343d449ec5b0807009c29ace47b.exe
- Size
  
  258KB
- MD5
  
  46bb734c47fd5bd04999e5854a4d3c6e
- SHA1
  
  6dc503c57bd9dbd7dde00e969d6f325e6b51febf
- SHA256
  
  ccea7af19365b950a3f04f3867bb463cc2ac2343d449ec5b0807009c29ace47b
- SHA512
  
  90b16e51825d7d5311f21d2d6792add4f4bd090c3c39f2671550375f3a86f48ac56ce5b098e70d3f3d3034f929bb69a7a94ac8991c442a09e786fa378b0a3381
- SSDEEP
  
  3072:+5anOtzyzmT53JiWYTxPdWnpsKtEhHQcx4sLSs99EIzpvf2iFgC79+tMQbI:+5UOkz4YpAOpusOq9EINeEgC79+ttI
Score

10^/10

asyncrat default discovery rat
- AsyncRat
  AsyncRAT is designed to remotely monitor and control other computers written in C#.
  rat asyncrat
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Scheduled Task/Job

Scheduled Task

Persistence

Scheduled Task/Job

Scheduled Task

Privilege Escalation

Scheduled Task/Job

Scheduled Task

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

asyncratdefaultdiscoveryrat

behavioral2

asyncratdefaultdiscoveryrat