asyncrat | f2451118fa6c3e2c0f09e71c60cf29021f0736c47abd236e892f33ccb2ddd98e | Triage

Sharing

General

Target

THISISARAT.exe
Size

47KB
Sample

241016-xp13wazgrl
MD5

4744dae074b1b9c94c131aefa1f3827c
SHA1

927c9ae343d07004ea1a618a0ef228a26649eb92
SHA256

f2451118fa6c3e2c0f09e71c60cf29021f0736c47abd236e892f33ccb2ddd98e
SHA512

4211db34221c07b5842f6fdbfa83be11861d28ab1036224a0a8b7f695a8bf1c78422c86685cfa9cef6c503d9638d4420418c180870202c1de1766435a58c0be6
SSDEEP

768:xuETKT0k3qXWUrV6e1mo2qyI/L8CX5a15WSPImqMaHnQ0b9V6KySeZ19X6Qs2mP9:xuETKT0cE2/CL8S5C5W7mqMgn7b9WZ1Q

Score

10^/10

asyncrat default discovery rat

Malware Config

Extracted

Family

asyncrat

Version

0.5.8

Botnet

Default

C2

127.0.0.1:6606

127.0.0.1:7707

127.0.0.1:8808

Mutex

5Lk431gyJhat

Attributes

delay
3
install
true
install_file
THISISARAT.exe
install_folder
%AppData%

aes.plain

Targets

- Target
  
  THISISARAT.exe
- Size
  
  47KB
- MD5
  
  4744dae074b1b9c94c131aefa1f3827c
- SHA1
  
  927c9ae343d07004ea1a618a0ef228a26649eb92
- SHA256
  
  f2451118fa6c3e2c0f09e71c60cf29021f0736c47abd236e892f33ccb2ddd98e
- SHA512
  
  4211db34221c07b5842f6fdbfa83be11861d28ab1036224a0a8b7f695a8bf1c78422c86685cfa9cef6c503d9638d4420418c180870202c1de1766435a58c0be6
- SSDEEP
  
  768:xuETKT0k3qXWUrV6e1mo2qyI/L8CX5a15WSPImqMaHnQ0b9V6KySeZ19X6Qs2mP9:xuETKT0cE2/CL8S5C5W7mqMgn7b9WZ1Q
Score

10^/10

asyncrat default discovery rat
- AsyncRat
  AsyncRAT is designed to remotely monitor and control other computers written in C#.
  rat asyncrat
- Async RAT payload
  rat
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Loads dropped DLL
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Scheduled Task/Job

Scheduled Task

Persistence

Scheduled Task/Job

Scheduled Task

Privilege Escalation

Scheduled Task/Job

Scheduled Task

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

ratdefaultasyncrat

behavioral1

asyncratdefaultdiscoveryrat

behavioral2

asyncratdefaultdiscoveryrat