asyncrat | 41d486ecbc7e076dc64d603fb09dbf0cff934c9816e427d16450aedf95672e9d | Triage

Sharing

General

Target

41d486ecbc7e076dc64d603fb09dbf0cff934c9816e427d16450aedf95672e9d
Size

47KB
Sample

241101-wdwhks1rdx
MD5

90ef5e4f564a69f94e47955daecf5a7e
SHA1

8fd27d79d74a657fb6ecfcb0e1975f00a1cf417e
SHA256

41d486ecbc7e076dc64d603fb09dbf0cff934c9816e427d16450aedf95672e9d
SHA512

ad1e7b3c3776eae5448fe981520ca0c048000c13fd5c65d5c95dbd840ea56dfb8dbe164532fc9c013b96fd89ff3106170284de2ceb61c6907703299a5829365c
SSDEEP

768:h8IZILkWAA+jiFtelDSN+iV08YbygeYpgByFPvEgK/JLZVc6KN:h8YoFtKDs4zb15pgByFnkJLZVclN

Score

10^/10

asyncrat default rat

Malware Config

Extracted

Family

asyncrat

Version

1.0.7

Botnet

Default

C2

159.146.103.132:5554

Mutex

mtx

Attributes

delay
1
install
true
install_file
winfile.exe
install_folder
%Temp%

aes.plain

Targets

- Target
  
  41d486ecbc7e076dc64d603fb09dbf0cff934c9816e427d16450aedf95672e9d
- Size
  
  47KB
- MD5
  
  90ef5e4f564a69f94e47955daecf5a7e
- SHA1
  
  8fd27d79d74a657fb6ecfcb0e1975f00a1cf417e
- SHA256
  
  41d486ecbc7e076dc64d603fb09dbf0cff934c9816e427d16450aedf95672e9d
- SHA512
  
  ad1e7b3c3776eae5448fe981520ca0c048000c13fd5c65d5c95dbd840ea56dfb8dbe164532fc9c013b96fd89ff3106170284de2ceb61c6907703299a5829365c
- SSDEEP
  
  768:h8IZILkWAA+jiFtelDSN+iV08YbygeYpgByFPvEgK/JLZVc6KN:h8YoFtKDs4zb15pgByFnkJLZVclN
Score

10^/10

asyncrat default rat
- AsyncRat
  AsyncRAT is designed to remotely monitor and control other computers written in C#.
  rat asyncrat
- Asyncrat family
  asyncrat
- Async RAT payload
  rat
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Scheduled Task/Job

Scheduled Task

Persistence

Scheduled Task/Job

Scheduled Task

Privilege Escalation

Scheduled Task/Job

Scheduled Task

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

ratdefaultasyncrat

behavioral1

asyncratdefaultrat

behavioral2

asyncratdefaultrat