asyncrat | b2faf8ba7de8dc67c73e33b7659e9d9e3f95d3e94e5501136d444b6ee7c2e46e | Triage

Resubmissions

15-10-2024 10:56

241015-m1wbnavaqm 10

15-10-2024 10:04

241015-l339lssdll 10

Sharing

General

Target

gaming_hook.exe
Size

45KB
Sample

241015-m1wbnavaqm
MD5

a83441b31075a2b7278f15a24745073a
SHA1

36a03ec203072393a76bbfb0560306e8113bbd34
SHA256

b2faf8ba7de8dc67c73e33b7659e9d9e3f95d3e94e5501136d444b6ee7c2e46e
SHA512

819604c704245bb0ef3623ce6e3d13e2c38f61719a089b2b79054aa531dd58cc1c4053dd86b7a2c0c934cab7c2ea8d2272240a4293746f55efe8a2e27069b108
SSDEEP

768:Pue21TYQZ3VWU1ymhbvmo2qjcKjPGaG6PIyzjbFgX3iU0SLRr5vjBDZtWG:Pue21TYiFhN21KTkDy3bCXSU0GtldYG

Score

10^/10

asyncrat default discovery rat

Malware Config

Extracted

Family

asyncrat

Version

0.5.8

Botnet

Default

C2

127.0.0.1:6606

127.0.0.1:7707

127.0.0.1:8808

127.0.0.1:555

127.0.0.1:14965

7.tcp.eu.ngrok.io:6606

7.tcp.eu.ngrok.io:7707

7.tcp.eu.ngrok.io:8808

7.tcp.eu.ngrok.io:555

7.tcp.eu.ngrok.io:14965

Mutex

BHBLjnoIyYUB

Attributes

delay
3
install
true
install_file
pjewi89w30MS.exe
install_folder
%Temp%

aes.plain

Targets

- Target
  
  gaming_hook.exe
- Size
  
  45KB
- MD5
  
  a83441b31075a2b7278f15a24745073a
- SHA1
  
  36a03ec203072393a76bbfb0560306e8113bbd34
- SHA256
  
  b2faf8ba7de8dc67c73e33b7659e9d9e3f95d3e94e5501136d444b6ee7c2e46e
- SHA512
  
  819604c704245bb0ef3623ce6e3d13e2c38f61719a089b2b79054aa531dd58cc1c4053dd86b7a2c0c934cab7c2ea8d2272240a4293746f55efe8a2e27069b108
- SSDEEP
  
  768:Pue21TYQZ3VWU1ymhbvmo2qjcKjPGaG6PIyzjbFgX3iU0SLRr5vjBDZtWG:Pue21TYiFhN21KTkDy3bCXSU0GtldYG
Score

10^/10

asyncrat default discovery rat
- AsyncRat
  AsyncRAT is designed to remotely monitor and control other computers written in C#.
  rat asyncrat
- Async RAT payload
  rat
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Loads dropped DLL
- Legitimate hosting services abused for malware hosting/C2
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Scheduled Task/Job

Scheduled Task

Persistence

Scheduled Task/Job

Scheduled Task

Privilege Escalation

Scheduled Task/Job

Scheduled Task

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

Query Registry

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Web Service

Exfiltration

Impact

Tasks

static1

ratdefaultasyncrat

behavioral1

asyncratdefaultdiscoveryrat

behavioral2

asyncratdefaultdiscoveryrat