asyncrat

General

Target

stub.exe
Size

8.3MB
Sample

241109-vay9maycjm
MD5

2abbfb25196ba45ccc85c32898b8d50d
SHA1

eb6299f7ed55934543244088b6a9144927e49a19
SHA256

de7384b0fe1a8564d9ca22fcd0e9e7ee8ec3d09a86b017c54d0db51131a8b576
SHA512

f97aef78229990a59744a62490d4443c56ef18fdb3b783cb0f7cad31ce31d74fd94fbd7f854180c7f8cae067678a02c1f869f1e39c2fe592409687ecbbd50113
SSDEEP

196608:IoGv8HZ4JFdQmRrdA6lS8Qnf2ODjMnGydS8jyi9IleHq7O2zH:pOYsdQOlaF3MnG38jyi9IleKqkH

Score

10^/10

Malware Config

Extracted

Family

asyncrat

Botnet

Default

C2

127.0.0.1:55496

127.0.0.1:37754

tcp://nasdnasnd-55496.portmap.host:55496:55496

tcp://nasdnasnd-55496.portmap.host:55496:37754

tcp://nasdnasnd-55496.portmap.host:55496

tcp://nasdnasnd-55496.portmap.host:37754

floor-getting.gl.at.ply.gg:55496

floor-getting.gl.at.ply.gg:37754

Attributes

delay
1
install
false
install_folder
%AppData%

aes.plain

Targets

- Target
  
  stub.exe
- Size
  
  8.3MB
- MD5
  
  2abbfb25196ba45ccc85c32898b8d50d
- SHA1
  
  eb6299f7ed55934543244088b6a9144927e49a19
- SHA256
  
  de7384b0fe1a8564d9ca22fcd0e9e7ee8ec3d09a86b017c54d0db51131a8b576
- SHA512
  
  f97aef78229990a59744a62490d4443c56ef18fdb3b783cb0f7cad31ce31d74fd94fbd7f854180c7f8cae067678a02c1f869f1e39c2fe592409687ecbbd50113
- SSDEEP
  
  196608:IoGv8HZ4JFdQmRrdA6lS8Qnf2ODjMnGydS8jyi9IleHq7O2zH:pOYsdQOlaF3MnG38jyi9IleKqkH
Score

10^/10

asyncrat default execution rat
- AsyncRat
  AsyncRAT is designed to remotely monitor and control other computers written in C#.
  rat asyncrat
- Asyncrat family
  asyncrat
- Async RAT payload
  rat
- Blocklisted process makes network request
- Command and Scripting Interpreter: PowerShell
  Run Powershell and hide display window.
  execution
- Loads dropped DLL
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Command and Scripting Interpreter

1

T1059

PowerShell

1

T1059.001

Persistence

Privilege Escalation

Defense Evasion

Hide Artifacts

1

T1564

Hidden Files and Directories

1

T1564.001

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

Sharing

General

Malware Config

Extracted

Targets

Asyncrat family

Async RAT payload

Blocklisted process makes network request

Command and Scripting Interpreter: PowerShell

Loads dropped DLL

MITRE ATT&CK Enterprise v15

Tasks

static1

behavioral1

behavioral2