General

  • Target

    AsyncRAT-C-Sharp

  • Size

    328KB

  • Sample

    241023-zbph2a1akp

  • MD5

    4384130e5001c01657353934f1d86549

  • SHA1

    dc57322600eafb6bdc67c883e4625c6aaba82d29

  • SHA256

    8343394c2f705bfa51a2e25f5d6147aee7f6370ed36bc84d0e030071eb18b2d1

  • SHA512

    13ffedde77b51850ff89194ae339fff7be5a7a62b6ea896a9332268aa8c504fbb56a56f76fc9e9e97b470947c7ecee8b4afb26127d8e8bd96a71882dc65e64f9

  • SSDEEP

    6144:LNouBpOL/saqkPV9FemLtcsDSsmwS9wvZJT3CqbMrhryf65NRPaCieMjAkvCJv1p:pouBpOL/saqkPV9FemLtcsDSsmwS9wvi

Malware Config

Extracted

Family

asyncrat

Version

0.5.8

Botnet

Default

C2

127.0.0.1:6606

127.0.0.1:7707

127.0.0.1:8808

Mutex

8rzGDsuBmup8

Attributes
  • delay

    3

  • install

    false

  • install_folder

    %AppData%

aes.plain

Targets

    • AsyncRat

      AsyncRAT is written in C# and is designed to remotely monitor and control other computers.

    • Async RAT payload

    • Executes dropped EXE

    • Legitimate hosting services abused for malware hosting/C2
