asyncrat | 047395bab7cccf7f5179169e35c5da5bbc4625ec084508f966b94314eb22a6bb | Triage

Sharing

General

Target

2024-10-18_9c1ccf6b5b942e0ffdb3f3f689359b8c_cobalt-strike_megazord
Size

3.8MB
Sample

241018-qbgnra1bnm
MD5

9c1ccf6b5b942e0ffdb3f3f689359b8c
SHA1

5a3523f6e6fa11c6f4bf3cf9a3057d881bd1e7c5
SHA256

047395bab7cccf7f5179169e35c5da5bbc4625ec084508f966b94314eb22a6bb
SHA512

6ec2d0840b496aade1a4eceb663d7273f3b92bdd937f6429e6c6cf356efa510789bf1c7d470cf1b96640d7e0cf728a43db3cd56f95adcc853b9a7b84ba6a6049
SSDEEP

49152:5/Y+Lx24MRKwSKh3GZULeOSeBzPGYwsGrZbfcrxrJ4FbFHNd1e6N:lTJ2VJcbfd1e6N

Score

10^/10

asyncrat default discovery rat

Malware Config

Extracted

Family

asyncrat

Version

2.0.0

Botnet

Default

C2

webwhatsapp.cc:65503

Mutex

ShiningForceRatMutex_cs_cs_cs

Attributes

delay
1
install
false
install_folder
%AppData%

aes.plain

Targets

- Target
  
  2024-10-18_9c1ccf6b5b942e0ffdb3f3f689359b8c_cobalt-strike_megazord
- Size
  
  3.8MB
- MD5
  
  9c1ccf6b5b942e0ffdb3f3f689359b8c
- SHA1
  
  5a3523f6e6fa11c6f4bf3cf9a3057d881bd1e7c5
- SHA256
  
  047395bab7cccf7f5179169e35c5da5bbc4625ec084508f966b94314eb22a6bb
- SHA512
  
  6ec2d0840b496aade1a4eceb663d7273f3b92bdd937f6429e6c6cf356efa510789bf1c7d470cf1b96640d7e0cf728a43db3cd56f95adcc853b9a7b84ba6a6049
- SSDEEP
  
  49152:5/Y+Lx24MRKwSKh3GZULeOSeBzPGYwsGrZbfcrxrJ4FbFHNd1e6N:lTJ2VJcbfd1e6N
Score

10^/10

asyncrat default discovery rat
- AsyncRat
  AsyncRAT is designed to remotely monitor and control other computers written in C#.
  rat asyncrat
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

asyncratdefaultdiscoveryrat

behavioral2