asyncrat | 90f02187819001943af22474f263663346b69b50fae940acb0562492e783faef | Triage

Sharing

General

Target

90f02187819001943af22474f263663346b69b50fae940acb0562492e783faef
Size

66KB
Sample

241105-bgflbatmek
MD5

69076459b0cdae463d8996540868f034
SHA1

21d983815bda3c337094bc6b1956ac768f239ccf
SHA256

90f02187819001943af22474f263663346b69b50fae940acb0562492e783faef
SHA512

cea529ed0f221a8fa96887f35d411a62f40a4621a5be70a721b4efbc5c89f480248585958b0e3053c18208a01d9c02fe416e89c01b2887cb05ff4c95e9df929d
SSDEEP

1536:92kv0bo/KQk5AvgdKuvUYFMDPLPg/tARbDZ0I615rmTGKd:92I0wKQkLKuvUYFkPdRbDa5Exd

Score

10^/10

asyncrat default discovery rat

Malware Config

Extracted

Family

asyncrat

Version

| Edit by Vinom Rat

Botnet

Default

C2

127.0.0.1:6606

127.0.0.1:7707

127.0.0.1:8808

127.0.0.1:9999

127.0.0.1:46089

anything-eco.gl.at.ply.gg:6606

anything-eco.gl.at.ply.gg:7707

anything-eco.gl.at.ply.gg:8808

anything-eco.gl.at.ply.gg:9999

anything-eco.gl.at.ply.gg:46089

Mutex

AsyncMutex_6SI8OkPnk

Attributes

delay
3
install
true
install_file
runtime.exe
install_folder
%AppData%

aes.plain

Targets

- Target
  
  90f02187819001943af22474f263663346b69b50fae940acb0562492e783faef
- Size
  
  66KB
- MD5
  
  69076459b0cdae463d8996540868f034
- SHA1
  
  21d983815bda3c337094bc6b1956ac768f239ccf
- SHA256
  
  90f02187819001943af22474f263663346b69b50fae940acb0562492e783faef
- SHA512
  
  cea529ed0f221a8fa96887f35d411a62f40a4621a5be70a721b4efbc5c89f480248585958b0e3053c18208a01d9c02fe416e89c01b2887cb05ff4c95e9df929d
- SSDEEP
  
  1536:92kv0bo/KQk5AvgdKuvUYFMDPLPg/tARbDZ0I615rmTGKd:92I0wKQkLKuvUYFkPdRbDa5Exd
Score

10^/10

asyncrat default discovery rat
- AsyncRat
  AsyncRAT is designed to remotely monitor and control other computers written in C#.
  rat asyncrat
- Asyncrat family
  asyncrat
- Async RAT payload
  rat
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Loads dropped DLL
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Scheduled Task/Job

Scheduled Task

Persistence

Scheduled Task/Job

Scheduled Task

Privilege Escalation

Scheduled Task/Job

Scheduled Task

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

ratdefaultasyncrat

behavioral1

asyncratdefaultdiscoveryrat

behavioral2

asyncratdefaultdiscoveryrat