asyncrat | a2971bc379a09844bf838fdfc79165e50e851eab7ef965529da712f57c989b78 | Triage

Sharing

General

Target

370000.MSBuild.exe
Size

69KB
Sample

241106-rak58atmfl
MD5

d147a5fa86d3f82fde1cfefe7c133cdd
SHA1

0d202133fa8724f0ebb95788bfaf0002b8ae1d28
SHA256

a2971bc379a09844bf838fdfc79165e50e851eab7ef965529da712f57c989b78
SHA512

feddc30eafce60f42f307b5825d6c7ee47672a24c712346a4cde265e49fc53a39aeba8e27ca85757ee4ffe1bca186a46684e9db899ead0ca61113c78732c44a8
SSDEEP

1536:AuUbUfRckg00KuGUYFE7s0v/s5w/b5OnGlBl4zwTrPlTGix:AukUfRckMKuGUYFErAwb5Tl8MTdRx

Score

10^/10

asyncrat default discovery

Malware Config

Extracted

Family

asyncrat

Version

| Edit 3LOSH RAT

Botnet

Default

C2

lila152512.duckdns.org:1234

Mutex

AsyncMutex_Default

Attributes

delay
3
install
false
install_file
poder.exe
install_folder
%AppData%

aes.plain

Targets

- Target
  
  370000.MSBuild.exe
- Size
  
  69KB
- MD5
  
  d147a5fa86d3f82fde1cfefe7c133cdd
- SHA1
  
  0d202133fa8724f0ebb95788bfaf0002b8ae1d28
- SHA256
  
  a2971bc379a09844bf838fdfc79165e50e851eab7ef965529da712f57c989b78
- SHA512
  
  feddc30eafce60f42f307b5825d6c7ee47672a24c712346a4cde265e49fc53a39aeba8e27ca85757ee4ffe1bca186a46684e9db899ead0ca61113c78732c44a8
- SSDEEP
  
  1536:AuUbUfRckg00KuGUYFE7s0v/s5w/b5OnGlBl4zwTrPlTGix:AukUfRckMKuGUYFErAwb5Tl8MTdRx
Score

3^/10

discovery
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

Query Registry

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

defaultasyncrat

behavioral1

behavioral2