asyncrat | cd6b375afc5bc9712d70713c229efe8d51084675ca7e06d77c673cff01b6c69a | Triage

Sharing

General

Target

juepta.exe
Size

45KB
Sample

241116-2wk3fsvmdy
MD5

f5f5c83965ddca843cc1aaf6e8a708b9
SHA1

491eddac26eeb7d9ea491cbf16ba241fcbd60ba8
SHA256

cd6b375afc5bc9712d70713c229efe8d51084675ca7e06d77c673cff01b6c69a
SHA512

f1243de2f0b7ce3f559e090ebf441143ac3642114b753d27bb0d9648d07c67480ddebe9ac458c302b8c90a94ae48a4869e5f90141444de5ec444ac9ec8eab12b
SSDEEP

768:9u50dTtQpVBTWU/fShmo2qgQZo3TMtPIQWjbBgX3i512BZuGdit3iqCBDZXx:9u50dTt0y28U3QabuXS512BZuGQ2dXx

Score

10^/10

asyncrat default discovery phishing rat spyware stealer

Malware Config

Extracted

Family

asyncrat

Version

0.5.8

Botnet

Default

C2

127.0.0.1:6606

127.0.0.1:7707

127.0.0.1:8808

127.0.0.1:4782

127.0.0.1:3425

Cristopher11sa-62565.portmap.host:6606

Cristopher11sa-62565.portmap.host:7707

Cristopher11sa-62565.portmap.host:8808

Cristopher11sa-62565.portmap.host:4782

Cristopher11sa-62565.portmap.host:3425

190.104.116.8:6606

190.104.116.8:7707

190.104.116.8:8808

190.104.116.8:4782

190.104.116.8:3425

azxq0ap.localto.net:6606

azxq0ap.localto.net:7707

azxq0ap.localto.net:8808

azxq0ap.localto.net:4782

azxq0ap.localto.net:3425

Mutex

E2qgtjRHaRSi

Attributes

delay
3
install
false
install_file
Java updater.exe
install_folder
%AppData%

aes.plain

Targets

- Target
  
  juepta.exe
- Size
  
  45KB
- MD5
  
  f5f5c83965ddca843cc1aaf6e8a708b9
- SHA1
  
  491eddac26eeb7d9ea491cbf16ba241fcbd60ba8
- SHA256
  
  cd6b375afc5bc9712d70713c229efe8d51084675ca7e06d77c673cff01b6c69a
- SHA512
  
  f1243de2f0b7ce3f559e090ebf441143ac3642114b753d27bb0d9648d07c67480ddebe9ac458c302b8c90a94ae48a4869e5f90141444de5ec444ac9ec8eab12b
- SSDEEP
  
  768:9u50dTtQpVBTWU/fShmo2qgQZo3TMtPIQWjbBgX3i512BZuGdit3iqCBDZXx:9u50dTt0y28U3QabuXS512BZuGQ2dXx
Score

10^/10

asyncrat default discovery phishing rat spyware stealer
- AsyncRat
  AsyncRAT is designed to remotely monitor and control other computers written in C#.
  rat asyncrat
- Asyncrat family
  asyncrat
- A potential corporate email address has been identified in the URL: [email protected]
  phishing
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
behavioral1

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Credentials from Password Stores

Credentials from Web Browsers

Unsecured Credentials

Credentials In Files

Discovery

Browser Information Discovery

Query Registry

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Data from Local System

Command and Control

Exfiltration

Impact

Tasks

static1

ratdefaultasyncrat

behavioral1

asyncratdefaultdiscoveryphishingratspywarestealer