asyncrat | 49a6892241d69684c059d9ef6978c302a54bb6b5dfb132763987b5187731d492 | Triage

Sharing

General

Target

test.exe
Size

47KB
Sample

241009-wn94qavelf
MD5

46d287e58cf33af85caf10cb86a0a4f3
SHA1

f439ffe8c890d50bd16cffbb1d579a8e3285d3b1
SHA256

49a6892241d69684c059d9ef6978c302a54bb6b5dfb132763987b5187731d492
SHA512

a0bd2f8d808706978f1cd78290210b9cdf0d3ac4751306ff292606561cdfdca8f5a65fd4008faffae05928bb5dfdd3cb3733e5a2170db77a7aacf27be814badf
SSDEEP

768:12u6ZdTvER+SWUk6P4mo2qb3S+0LzFw6PIrFE6B0bOmRdrgSNThJqZJ7tPY7yPUm:12u6ZdTv2S2MViFwDrFxWbOmRRrNTurd

Score

10^/10

asyncrat default discovery rat

Malware Config

Extracted

Family

asyncrat

Version

0.5.8

Botnet

Default

C2

194.44.26.124:6606

194.44.26.124:7707

194.44.26.124:8808

Mutex

YI7Q3o2wgHm8

Attributes

delay
3
install
true
install_file
svchost.exe
install_folder
%Temp%

aes.plain

Targets

- Target
  
  test.exe
- Size
  
  47KB
- MD5
  
  46d287e58cf33af85caf10cb86a0a4f3
- SHA1
  
  f439ffe8c890d50bd16cffbb1d579a8e3285d3b1
- SHA256
  
  49a6892241d69684c059d9ef6978c302a54bb6b5dfb132763987b5187731d492
- SHA512
  
  a0bd2f8d808706978f1cd78290210b9cdf0d3ac4751306ff292606561cdfdca8f5a65fd4008faffae05928bb5dfdd3cb3733e5a2170db77a7aacf27be814badf
- SSDEEP
  
  768:12u6ZdTvER+SWUk6P4mo2qb3S+0LzFw6PIrFE6B0bOmRdrgSNThJqZJ7tPY7yPUm:12u6ZdTv2S2MViFwDrFxWbOmRRrNTurd
Score

10^/10

asyncrat default discovery rat
- AsyncRat
  AsyncRAT is designed to remotely monitor and control other computers written in C#.
  rat asyncrat
- Async RAT payload
  rat
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
behavioral1

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Scheduled Task/Job

Scheduled Task

Persistence

Scheduled Task/Job

Scheduled Task

Privilege Escalation

Scheduled Task/Job

Scheduled Task

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

ratdefaultasyncrat

behavioral1

asyncratdefaultdiscoveryrat