asyncrat | 40268fb4a5e084301d9b6ab32e204b19ca690bea4dbff104881f794f036c4c56 | Triage

Sharing

General

Target

Infected.bat
Size

74KB
Sample

241019-21kmgsvane
MD5

25d86af45fcc93078ac8ff2dd1e83314
SHA1

fd00fd08a9e264bf2470ca17d4b118522fae48fa
SHA256

40268fb4a5e084301d9b6ab32e204b19ca690bea4dbff104881f794f036c4c56
SHA512

518ccc58c6c4eb3c744f4f417892d802dfa13cdb0fbc98020787b5534d12d602e8087741189dfa9ea7eeff9ce09714638b144771692e375fa93d249609debe24
SSDEEP

768:s1yoKUYWJ5jQm6+iPOf9EwY+yIkwJJke7RA65LyTUtwfMMT4bKfdYeXAG6qUo+Rd:Boqa5jHdlFMIkylRB5Gjeep6q6vSp2SY

Score

10^/10

asyncrat default execution rat

Malware Config

Extracted

Family

asyncrat

Botnet

Default

C2

policy-sas.gl.at.ply.gg:43122

Attributes

delay
1
install
true
install_file
Photos.exe
install_folder
%AppData%

aes.plain

Targets

- Target
  
  Infected.bat
- Size
  
  74KB
- MD5
  
  25d86af45fcc93078ac8ff2dd1e83314
- SHA1
  
  fd00fd08a9e264bf2470ca17d4b118522fae48fa
- SHA256
  
  40268fb4a5e084301d9b6ab32e204b19ca690bea4dbff104881f794f036c4c56
- SHA512
  
  518ccc58c6c4eb3c744f4f417892d802dfa13cdb0fbc98020787b5534d12d602e8087741189dfa9ea7eeff9ce09714638b144771692e375fa93d249609debe24
- SSDEEP
  
  768:s1yoKUYWJ5jQm6+iPOf9EwY+yIkwJJke7RA65LyTUtwfMMT4bKfdYeXAG6qUo+Rd:Boqa5jHdlFMIkylRB5Gjeep6q6vSp2SY
Score

10^/10

asyncrat default execution rat
- AsyncRat
  AsyncRAT is designed to remotely monitor and control other computers written in C#.
  rat asyncrat
- Async RAT payload
  rat
- Executes dropped EXE
- Command and Scripting Interpreter: PowerShell
  Using powershell.exe command.
  execution
behavioral1

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Command and Scripting Interpreter

PowerShell

Scheduled Task/Job

Scheduled Task

Persistence

Scheduled Task/Job

Scheduled Task

Privilege Escalation

Scheduled Task/Job

Scheduled Task

Defense Evasion

Credential Access

Discovery

Query Registry

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

asyncratdefaultexecutionrat