asyncrat | 5ec6b19b04ce92c96099d82aa9f698afea763e0dd95fa33fcda302028c1ba931 | Triage

Sharing

General

Target

Dmningsanlg.cmd
Size

5KB
Sample

241111-v9veqasgqa
MD5

c3740f8a31835df5862ca4dcca3f046c
SHA1

fe66ea2e8830e2e05c33b2f57dde0667fcee046a
SHA256

5ec6b19b04ce92c96099d82aa9f698afea763e0dd95fa33fcda302028c1ba931
SHA512

d4edf552833604b184a21a095ff69be1cc260b7a31e0c5f6e02d52d8c5df9b19d315585493d0a9d8edca21f0272e5795e7f9fb3c0d05935dc11f7183a0ed7fbd
SSDEEP

96:fxgDNkSWe+Y7mM2lIg3WU+ynD0jwDOe7o/SJCRNE7/WtBFCV4N6AWYs9skq7WSPu:fcWJY7J2B9+AD0jwDOe7mkCRNoWLFK4i

Score

10^/10

asyncrat 8nyyyy discovery execution persistence rat

Malware Config

Extracted

Family

asyncrat

Version

| Edit by Vinom Rat

Botnet

8nyyyy

C2

newrdb30.ooguy.com:2004

Mutex

AsyncMutex_6zcxrdjgnjGnk

Attributes

delay
3
install
false
install_folder
%AppData%

aes.plain

Targets

- Target
  
  Dmningsanlg.cmd
- Size
  
  5KB
- MD5
  
  c3740f8a31835df5862ca4dcca3f046c
- SHA1
  
  fe66ea2e8830e2e05c33b2f57dde0667fcee046a
- SHA256
  
  5ec6b19b04ce92c96099d82aa9f698afea763e0dd95fa33fcda302028c1ba931
- SHA512
  
  d4edf552833604b184a21a095ff69be1cc260b7a31e0c5f6e02d52d8c5df9b19d315585493d0a9d8edca21f0272e5795e7f9fb3c0d05935dc11f7183a0ed7fbd
- SSDEEP
  
  96:fxgDNkSWe+Y7mM2lIg3WU+ynD0jwDOe7o/SJCRNE7/WtBFCV4N6AWYs9skq7WSPu:fcWJY7J2B9+AD0jwDOe7mkCRNoWLFK4i
Score

10^/10

execution asyncrat 8nyyyy discovery persistence rat
- AsyncRat
  AsyncRAT is designed to remotely monitor and control other computers written in C#.
  rat asyncrat
- Asyncrat family
  asyncrat
- Blocklisted process makes network request
- Command and Scripting Interpreter: PowerShell
  Run Powershell and hide display window.
  execution
- Adds Run key to start application
  persistence
- Suspicious use of NtCreateThreadExHideFromDebugger
- Suspicious use of NtSetInformationThreadHideFromDebugger
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Command and Scripting Interpreter

PowerShell

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Defense Evasion

Modify Registry

Credential Access

Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2

asyncrat8nyyyydiscoveryexecutionpersistencerat