asyncrat | b9f9560d6685fc8b8140b21d45f4a7c0db161fdb9d21f6e8f2761d96e4369d0f | Triage

Sharing

General

Target

b9f9560d6685fc8b8140b21d45f4a7c0db161fdb9d21f6e8f2761d96e4369d0f.exe
Size

45KB
Sample

241103-sg3jhsxbjb
MD5

b89bac1cc03e354616b2abb93e46b630
SHA1

3a8ebca9f486096312c41095d687ae69f7633000
SHA256

b9f9560d6685fc8b8140b21d45f4a7c0db161fdb9d21f6e8f2761d96e4369d0f
SHA512

2cb5dde9e8b1ac739c44608d65e3857a0271ccd337e1ce015d8a176409d6f98cd114df36e2837741ea4a842bc4e4e6d6456522d4990184e156b27473bf419ffd
SSDEEP

768:lunq5TgoqzqWU8d9rmo2qrgKjPGaG6PIyzjbFgX3iR8ytFE6O51D8F7BDZrx:lunq5TgNR25KTkDy3bCXSOYy621Stdrx

Score

10^/10

asyncrat remcos default oct 20 discovery execution rat

Malware Config

Extracted

Family

asyncrat

Version

0.5.8

Botnet

Default

C2

127.0.0.1:6606

127.0.0.1:7707

127.0.0.1:8808

leehoi01.ddns.net:6606

leehoi01.ddns.net:7707

leehoi01.ddns.net:8808

103.186.117.76:6606

103.186.117.76:7707

103.186.117.76:8808

Mutex

38k2Jr0USXF6

Attributes

delay
3
install
false
install_folder
%AppData%

aes.plain

Extracted

Family

remcos

Botnet

OCT 20

C2

leehoi01.ddns.net:9373

103.187.117.76:5584

154.216.18.171:5584

154.216.20.223:5584

Attributes

audio_folder
MicRecords
audio_record_time
5
connect_delay
0
connect_interval
1
copy_file
remcos.exe
copy_folder
Remcos
delete_file
false
hide_file
false
hide_keylog_file
false
install_flag
false
keylog_crypt
false
keylog_file
logs.dat
keylog_flag
false
keylog_folder
remcos
mouse_option
false
mutex
Rmc-CC22NB
screenshot_crypt
false
screenshot_flag
false
screenshot_folder
Screenshots
screenshot_path
%AppData%
screenshot_time
10
startup_value
Remcos
take_screenshot_option
false
take_screenshot_time
5

Targets

- Target
  
  b9f9560d6685fc8b8140b21d45f4a7c0db161fdb9d21f6e8f2761d96e4369d0f.exe
- Size
  
  45KB
- MD5
  
  b89bac1cc03e354616b2abb93e46b630
- SHA1
  
  3a8ebca9f486096312c41095d687ae69f7633000
- SHA256
  
  b9f9560d6685fc8b8140b21d45f4a7c0db161fdb9d21f6e8f2761d96e4369d0f
- SHA512
  
  2cb5dde9e8b1ac739c44608d65e3857a0271ccd337e1ce015d8a176409d6f98cd114df36e2837741ea4a842bc4e4e6d6456522d4990184e156b27473bf419ffd
- SSDEEP
  
  768:lunq5TgoqzqWU8d9rmo2qrgKjPGaG6PIyzjbFgX3iR8ytFE6O51D8F7BDZrx:lunq5TgNR25KTkDy3bCXSOYy621Stdrx
Score

10^/10

asyncrat remcos default oct 20 discovery execution rat
- AsyncRat
  AsyncRAT is designed to remotely monitor and control other computers written in C#.
  rat asyncrat
- Asyncrat family
  asyncrat
- Remcos
  Remcos is a closed-source remote control and surveillance software.
  rat remcos
- Remcos family
  remcos
- Executes dropped EXE
- Loads dropped DLL
- Command and Scripting Interpreter: PowerShell
  Start PowerShell.
  execution
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Command and Scripting Interpreter

PowerShell

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

ratdefaultasyncrat

behavioral1

asyncratremcosdefaultoct 20discoveryexecutionrat

behavioral2

asyncratdefaultdiscoveryrat