asyncrat | 5be7483945953a8b8ffd55749ab84dec1a13b69427b3cb7694445ed8ffc834cb | Triage

Sharing

General

Target

5be7483945953a8b8ffd55749ab84dec1a13b69427b3cb7694445ed8ffc834cb.exe
Size

256KB
Sample

241009-qbjhcavejn
MD5

5e2250b31ec719a3f37b0e0d5a922ce6
SHA1

5ca6077879418d910079222335fb5903eb7048b9
SHA256

5be7483945953a8b8ffd55749ab84dec1a13b69427b3cb7694445ed8ffc834cb
SHA512

df25a8d4afa71edb88c0dd167badbd0b932b7674f1d0c3a81cd8976252a9555dc58322333871db4d248ea02020b0f91cf300b9845a478763b0872c880fcae5ad
SSDEEP

6144:4tAUWUhx4fQUZsb88mBTgbbBqLa1F4kIn1cgmlwYbFBtamZ0bSI:4uYhx4f/ZSbbBqJcgmlwYbFBtamZ0bX

Score

10^/10

asyncrat default discovery rat

Malware Config

Extracted

Family

asyncrat

Version

0.5.7B

Botnet

Default

C2

154.216.17.207:7707

154.216.17.207:8808

154.216.17.207:1188

Mutex

AsyncMutex_6SI8OkPnk

Attributes

delay
100
install
true
install_file
file.exe
install_folder
%AppData%

aes.plain

Targets

- Target
  
  5be7483945953a8b8ffd55749ab84dec1a13b69427b3cb7694445ed8ffc834cb.exe
- Size
  
  256KB
- MD5
  
  5e2250b31ec719a3f37b0e0d5a922ce6
- SHA1
  
  5ca6077879418d910079222335fb5903eb7048b9
- SHA256
  
  5be7483945953a8b8ffd55749ab84dec1a13b69427b3cb7694445ed8ffc834cb
- SHA512
  
  df25a8d4afa71edb88c0dd167badbd0b932b7674f1d0c3a81cd8976252a9555dc58322333871db4d248ea02020b0f91cf300b9845a478763b0872c880fcae5ad
- SSDEEP
  
  6144:4tAUWUhx4fQUZsb88mBTgbbBqLa1F4kIn1cgmlwYbFBtamZ0bSI:4uYhx4f/ZSbbBqJcgmlwYbFBtamZ0bX
Score

10^/10

asyncrat default discovery rat
- AsyncRat
  AsyncRAT is designed to remotely monitor and control other computers written in C#.
  rat asyncrat
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Scheduled Task/Job

Scheduled Task

Persistence

Scheduled Task/Job

Scheduled Task

Privilege Escalation

Scheduled Task/Job

Scheduled Task

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

asyncratdefaultdiscoveryrat

behavioral2

asyncratdefaultdiscoveryrat