asyncrat | 8f6baf69e7e047012b20299cd4d3bf4f86eaee8c7f42fed6cb4a33b79ef51dd2 | Triage

Resubmissions

11-11-2024 13:51

241111-q54elszdrl 10

11-11-2024 13:41

241111-qy5zvstjer 10

11-11-2024 13:36

241111-qwhrjszdkn 10

11-11-2024 13:30

241111-qr3k6azcqp 10

Sharing

General

Target

SunlightBootstrapper.exe
Size

1.8MB
Sample

241111-qy5zvstjer
MD5

7c4f1852448b6217ca92deecaceb6247
SHA1

23f8b47a3a5bbcadb7d01dd8a727e0c2c48c0848
SHA256

8f6baf69e7e047012b20299cd4d3bf4f86eaee8c7f42fed6cb4a33b79ef51dd2
SHA512

4ef4281529f2159761f11ad890da0f7d79e2513019a1fd717b312ef2fb0ef9d01a54cb07561e40b0c12edd46089a8228f977ebb2ac109939bdddda57fad2f812
SSDEEP

24576:dsmUYlIZ2RBbEeUhk7Dz6rdnkYA1LUqBFJJCZm4E6+eQ:emUYlIckeUAGnmLtFaZ0pe

Score

10^/10

asyncrat default discovery evasion rat trojan

Malware Config

Extracted

Family

asyncrat

Version

0.5.8

Botnet

Default

C2

109.87.212.225:1337

Mutex

oIyMus9FxRxA

Attributes

delay
3
install
true
install_file
dwm.exe
install_folder
%Temp%

aes.plain

Targets

- Target
  
  SunlightBootstrapper.exe
- Size
  
  1.8MB
- MD5
  
  7c4f1852448b6217ca92deecaceb6247
- SHA1
  
  23f8b47a3a5bbcadb7d01dd8a727e0c2c48c0848
- SHA256
  
  8f6baf69e7e047012b20299cd4d3bf4f86eaee8c7f42fed6cb4a33b79ef51dd2
- SHA512
  
  4ef4281529f2159761f11ad890da0f7d79e2513019a1fd717b312ef2fb0ef9d01a54cb07561e40b0c12edd46089a8228f977ebb2ac109939bdddda57fad2f812
- SSDEEP
  
  24576:dsmUYlIZ2RBbEeUhk7Dz6rdnkYA1LUqBFJJCZm4E6+eQ:emUYlIckeUAGnmLtFaZ0pe
Score

10^/10

asyncrat default discovery rat evasion trojan
- AsyncRat
  AsyncRAT is designed to remotely monitor and control other computers written in C#.
  rat asyncrat
- Asyncrat family
  asyncrat
- Modifies security service
  evasion
- Async RAT payload
  rat
- Downloads MZ/PE file
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Loads dropped DLL
- Windows security modification
  evasion trojan
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Scheduled Task/Job

Scheduled Task

Persistence

Create or Modify System Process

Windows Service

Scheduled Task/Job

Scheduled Task

Privilege Escalation

Create or Modify System Process

Windows Service

Scheduled Task/Job

Scheduled Task

Defense Evasion

Impair Defenses

Disable or Modify Tools

Modify Registry

Credential Access

Discovery

Browser Information Discovery

Query Registry

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

asyncratdefaultdiscoveryrat

behavioral2

asyncratdefaultdiscoveryevasionrattrojan