asyncrat | d2ef48c59444db481a238f32b6fb35abee02165fa1b0bf63080f9b89728d7cfa | Triage

Submit
Reports

Overview

overview

Static

static

1

d2ef48c594...fa.lnk

windows7-x64

8

d2ef48c594...fa.lnk

windows10-2004-x64

Sharing

General

Target

d2ef48c59444db481a238f32b6fb35abee02165fa1b0bf63080f9b89728d7cfa
Size

2KB
Sample

241111-s2nwvs1eje
MD5

5358d8d8fe485972eb8115f7daf16080
SHA1

245e93bc84a9e8635732a8b9a9ed2e906a09f1c0
SHA256

d2ef48c59444db481a238f32b6fb35abee02165fa1b0bf63080f9b89728d7cfa
SHA512

5808ab33e81962bc5252022357a2906651a84ad1cdcf007e5b21d0eb9ff1f08c9fde44d186a18c64e06e8c3ccb6b751de000e1877922dccb8cf7e6cc7996bf74

Score

10^/10

asyncrat default discovery execution rat

Static task

static1

Behavioral task

behavioral1

Sample

d2ef48c59444db481a238f32b6fb35abee02165fa1b0bf63080f9b89728d7cfa.lnk

Resource

win7-20240903-en

windows7-x64

5 signatures

150 seconds

Behavioral task

behavioral2

Sample

d2ef48c59444db481a238f32b6fb35abee02165fa1b0bf63080f9b89728d7cfa.lnk

Resource

win10v2004-20241007-en

asyncrat default discovery execution rat

windows10-2004-x64

18 signatures

150 seconds

Malware Config

Extracted

Family

asyncrat

Version

1.0.7

Botnet

Default

C2

103.125.189.155:8848

Mutex

DcRatMutex_adxzvxv

Attributes

delay
1
install
false
install_folder
%AppData%

aes.plain

Targets

- Target
  
  d2ef48c59444db481a238f32b6fb35abee02165fa1b0bf63080f9b89728d7cfa
- Size
  
  2KB
- MD5
  
  5358d8d8fe485972eb8115f7daf16080
- SHA1
  
  245e93bc84a9e8635732a8b9a9ed2e906a09f1c0
- SHA256
  
  d2ef48c59444db481a238f32b6fb35abee02165fa1b0bf63080f9b89728d7cfa
- SHA512
  
  5808ab33e81962bc5252022357a2906651a84ad1cdcf007e5b21d0eb9ff1f08c9fde44d186a18c64e06e8c3ccb6b751de000e1877922dccb8cf7e6cc7996bf74
Score

10^/10

execution asyncrat default discovery rat
- AsyncRat
  AsyncRAT is designed to remotely monitor and control other computers written in C#.
  rat asyncrat
- Asyncrat family
  asyncrat
- Blocklisted process makes network request
- Command and Scripting Interpreter: PowerShell
  Using powershell.exe command.
  execution
- Command and Scripting Interpreter: PowerShell
  Run Powershell and hide display window.
  execution
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Drops startup file
- Legitimate hosting services abused for malware hosting/C2
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Command and Scripting Interpreter

PowerShell

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Web Service

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2

asyncratdefaultdiscoveryexecutionrat

© 2018-2024

Terms | Privacy