asyncrat | 406003369cdaa1265adbee0949af5c9159b63f2f3f109729074f34951e706f70 | Triage

Sharing

General

Target

406003369cdaa1265adbee0949af5c9159b63f2f3f109729074f34951e706f70N
Size

63KB
Sample

241017-2rckhsthnm
MD5

6de5e8e61de16af71ce14a2d3fa1f850
SHA1

048d9a82336d8aa0831220bdc30b88b729efd995
SHA256

406003369cdaa1265adbee0949af5c9159b63f2f3f109729074f34951e706f70
SHA512

a1391fe9c5618898a13cea0be45f1d75584ae077a2f86002e1ce7a5eb69f9fdddae9586825bfaa138610501d2df9b6849d69ec5c5c1def2e8c56498f2cb74b5e
SSDEEP

768:phqd2hP4Wo783IC8A+XqqazcBRL5JTk1+T4KSBGHmDbD/ph0oXRdiMy9qSusdpqM:+i4WkRdSJYUbdh9f/yfusdpqKmY7

Score

10^/10

asyncrat default rat

Malware Config

Extracted

Family

asyncrat

Botnet

Default

C2

127.0.0.1:1223

play-tapes.gl.at.ply.gg:1223

Attributes

delay
1
install
true
install_file
system32.exe
install_folder
%AppData%

aes.plain

Targets

- Target
  
  406003369cdaa1265adbee0949af5c9159b63f2f3f109729074f34951e706f70N
- Size
  
  63KB
- MD5
  
  6de5e8e61de16af71ce14a2d3fa1f850
- SHA1
  
  048d9a82336d8aa0831220bdc30b88b729efd995
- SHA256
  
  406003369cdaa1265adbee0949af5c9159b63f2f3f109729074f34951e706f70
- SHA512
  
  a1391fe9c5618898a13cea0be45f1d75584ae077a2f86002e1ce7a5eb69f9fdddae9586825bfaa138610501d2df9b6849d69ec5c5c1def2e8c56498f2cb74b5e
- SSDEEP
  
  768:phqd2hP4Wo783IC8A+XqqazcBRL5JTk1+T4KSBGHmDbD/ph0oXRdiMy9qSusdpqM:+i4WkRdSJYUbdh9f/yfusdpqKmY7
Score

10^/10

asyncrat default rat
- AsyncRat
  AsyncRAT is designed to remotely monitor and control other computers written in C#.
  rat asyncrat
- Async RAT payload
  rat
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Scheduled Task/Job

Scheduled Task

Persistence

Scheduled Task/Job

Scheduled Task

Privilege Escalation

Scheduled Task/Job

Scheduled Task

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

ratdefaultasyncrat

behavioral1

asyncratdefaultrat

behavioral2

asyncratdefaultrat