asyncrat | 2ba8e9c8f1451fc0f3d1e13c268c9507a53c8e7d19346a5a52ad7c7481494f4e | Triage

Sharing

General

Target

Client.exe
Size

47KB
Sample

241012-gcz22swfmc
MD5

9054f16d3546d47e5c292b55a57b57a5
SHA1

65747cde93ecade78592ba939b344a8d430faffd
SHA256

2ba8e9c8f1451fc0f3d1e13c268c9507a53c8e7d19346a5a52ad7c7481494f4e
SHA512

0876fb8222706c5344e46d468a13a8eaf8bb940925c05c46984c09be589a568f9007cd7e4b3eaa79434301377026cbea4af3aa644da82b7fca5959b332628aae
SSDEEP

768:p9n7mxUzILWCaS+DiMtelDSN+iV08YbygesnQWqxvEgK/JnZVc6KN:p97AKWMtKDs4zb1rxcnkJnZVclN

Score

10^/10

asyncrat default rat

Malware Config

Extracted

Family

asyncrat

Version

1.0.7

Botnet

Default

C2

form-skin.gl.at.ply.gg:4159

Mutex

DcRatMutex_qwqdanchun

Attributes

delay
1
install
false
install_file
NursultanLoader.exe
install_folder
%AppData%

aes.plain

Targets

- Target
  
  Client.exe
- Size
  
  47KB
- MD5
  
  9054f16d3546d47e5c292b55a57b57a5
- SHA1
  
  65747cde93ecade78592ba939b344a8d430faffd
- SHA256
  
  2ba8e9c8f1451fc0f3d1e13c268c9507a53c8e7d19346a5a52ad7c7481494f4e
- SHA512
  
  0876fb8222706c5344e46d468a13a8eaf8bb940925c05c46984c09be589a568f9007cd7e4b3eaa79434301377026cbea4af3aa644da82b7fca5959b332628aae
- SSDEEP
  
  768:p9n7mxUzILWCaS+DiMtelDSN+iV08YbygesnQWqxvEgK/JnZVc6KN:p97AKWMtKDs4zb1rxcnkJnZVclN
Score

10^/10

asyncrat default rat
- AsyncRat
  AsyncRAT is designed to remotely monitor and control other computers written in C#.
  rat asyncrat
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Peripheral Device Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

ratdefaultasyncrat

behavioral1

asyncratdefaultrat

behavioral2

asyncratdefaultrat