asyncrat | 4c8a37bba1eda81eb0e51922a98fa61f278fcab7b58870fa650865a53e308b1d | Triage

Sharing

General

Target

file.exe
Size

67.2MB
Sample

241109-rgprzswcnq
MD5

2a67434fe41c54946d0f82294efe0c46
SHA1

0109f1f1988289b9d9ff33f6bd9de5fb5d9e3a17
SHA256

4c8a37bba1eda81eb0e51922a98fa61f278fcab7b58870fa650865a53e308b1d
SHA512

f6a171693e63e326f9f5e7781fa8b6d783cf3da17c68d5381506d489c86469384d78ee183fecffeaf0bbc1ee1a11088c5cc5b6ba1cb0215994ace1c9ed43ccc0
SSDEEP

1572864:8X+49uMjQOzasFtnCfcc4ZKrTruLo5CXecJ2sMA:8qKQQJF+uQTr6BPJ2/A

Score

10^/10

asyncrat default discovery evasion persistence rat

Malware Config

Extracted

Family

asyncrat

Version

1.0.7

Botnet

Default

C2

139.99.3.47:6669

Mutex

DynamoaaBDdajsdh1231bSDaJ21q3

Attributes

delay
1
install
false
install_folder
%AppData%

aes.plain

Targets

- Target
  
  file.exe
- Size
  
  67.2MB
- MD5
  
  2a67434fe41c54946d0f82294efe0c46
- SHA1
  
  0109f1f1988289b9d9ff33f6bd9de5fb5d9e3a17
- SHA256
  
  4c8a37bba1eda81eb0e51922a98fa61f278fcab7b58870fa650865a53e308b1d
- SHA512
  
  f6a171693e63e326f9f5e7781fa8b6d783cf3da17c68d5381506d489c86469384d78ee183fecffeaf0bbc1ee1a11088c5cc5b6ba1cb0215994ace1c9ed43ccc0
- SSDEEP
  
  1572864:8X+49uMjQOzasFtnCfcc4ZKrTruLo5CXecJ2sMA:8qKQQJF+uQTr6BPJ2/A
Score

10^/10

asyncrat default discovery evasion persistence rat
- AsyncRat
  AsyncRAT is designed to remotely monitor and control other computers written in C#.
  rat asyncrat
- Asyncrat family
  asyncrat
- Looks for VirtualBox Guest Additions in registry
  evasion
- Looks for VMWare Tools registry key
  evasion
- Checks BIOS information in registry
  BIOS information is often read in order to detect sandboxing environments.
- Executes dropped EXE
- Loads dropped DLL
- Adds Run key to start application
  persistence
- Maps connected drives based on registry
  Disk information is often read in order to detect sandboxing environments.
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Defense Evasion

Modify Registry

Virtualization/Sandbox Evasion

Credential Access

Discovery

Peripheral Device Discovery

Query Registry

System Information Discovery

System Location Discovery

System Language Discovery

Virtualization/Sandbox Evasion

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

asyncratdefaultdiscoveryevasionpersistencerat

behavioral2