asyncrat | b40bb21bbe95e8431da174700874d89150002a974e7046890146d06cec9044ad | Triage

Sharing

General

Target

Client.exe
Size

48KB
Sample

241110-f8axcs1cnc
MD5

9028b853115f1fbc562435c3191b3546
SHA1

3b06a8e9bafe7a1d75243884fc11862c059a29dd
SHA256

b40bb21bbe95e8431da174700874d89150002a974e7046890146d06cec9044ad
SHA512

d4e7fd7b13075af3a2f6d83ebb3106c48dad939eee1281a3acdd653d0d093757fcfce4072a1de8ac8a7eaab4ed7ecf560d56e03c8864f14d626da54e7146eb80
SSDEEP

768:lV9TQo2oIL4+M0+LiktelDSN+iV08Ybyge7LrMvEgK/JzWfVc6KN:lVpQoVsktKDs4zb1wUnkJzWfVclN

Score

10^/10

asyncrat default discovery evasion persistence privilege_escalation rat

Malware Config

Extracted

Family

asyncrat

Version

1.0.7

Botnet

Default

C2

127.0.0.1:8848

127.0.0.1:54025

147.185.221.23:8848

147.185.221.23:54025

Mutex

DcRatMutex_qwqdanchun

Attributes

delay
1
install
false
install_file
opus hook injector.exe
install_folder
%AppData%

aes.plain

Targets

- Target
  
  Client.exe
- Size
  
  48KB
- MD5
  
  9028b853115f1fbc562435c3191b3546
- SHA1
  
  3b06a8e9bafe7a1d75243884fc11862c059a29dd
- SHA256
  
  b40bb21bbe95e8431da174700874d89150002a974e7046890146d06cec9044ad
- SHA512
  
  d4e7fd7b13075af3a2f6d83ebb3106c48dad939eee1281a3acdd653d0d093757fcfce4072a1de8ac8a7eaab4ed7ecf560d56e03c8864f14d626da54e7146eb80
- SSDEEP
  
  768:lV9TQo2oIL4+M0+LiktelDSN+iV08Ybyge7LrMvEgK/JzWfVc6KN:lVpQoVsktKDs4zb1wUnkJzWfVclN
Score

10^/10

asyncrat default discovery evasion persistence privilege_escalation rat
- AsyncRat
  AsyncRAT is designed to remotely monitor and control other computers written in C#.
  rat asyncrat
- Asyncrat family
  asyncrat
- Grants admin privileges
  Uses net.exe to modify the user's privileges.
- Modifies Windows Firewall
  evasion
- Network Service Discovery
  Attempt to gather information on host's network.
  discovery
- Enumerates processes with tasklist
  discovery
behavioral1

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Command and Scripting Interpreter

Persistence

Account Manipulation

Create or Modify System Process

Windows Service

Event Triggered Execution

Netsh Helper DLL

Privilege Escalation

Account Manipulation

Create or Modify System Process

Windows Service

Event Triggered Execution

Netsh Helper DLL

Defense Evasion

Impair Defenses

Disable or Modify System Firewall

Credential Access

Discovery

Network Service Discovery

Permission Groups Discovery

Local Groups

Process Discovery

System Information Discovery

System Network Connections Discovery

Lateral Movement

Collection

Data from Local System

Command and Control

Exfiltration

Impact

Tasks

static1

ratdefaultasyncrat

behavioral1

asyncratdefaultdiscoveryevasionpersistenceprivilege_escalationrat