asyncrat | a4d68abab530b30e8060ef2ded1bc57036ca53be7c3b5fbfdf62f65640ef82d9 | Triage

Sharing

General

Target

nezur.exe
Size

47KB
Sample

241116-ec3f3atkgn
MD5

60ea224fad8adf65358117a39a4bd365
SHA1

1eb47f8bc6d41ef26915e1f5292a830b4060dd67
SHA256

a4d68abab530b30e8060ef2ded1bc57036ca53be7c3b5fbfdf62f65640ef82d9
SHA512

2ea92e0abaa49537eca5d6f834275679e02c426d68c29298118f2202a11798209a013ab82caaca1670d6192886945137af31b96ed91e6b654f04849dba9c1800
SSDEEP

768:IuGE1THwoPNWUtHT1MHmo2qz79WjIDfWEs7PIILiU0bMusLmNzg5DhcA5Avfc5nK:IuGE1THbF1m2MXfrILwbDsw05DhDa4nK

Score

10^/10

asyncrat default discovery rat

Malware Config

Extracted

Family

asyncrat

Version

0.5.8

Botnet

Default

C2

127.0.0.1:6606

127.0.0.1:7707

127.0.0.1:8808

127.0.0.1:55112

147.185.221.23:6606

147.185.221.23:7707

147.185.221.23:8808

147.185.221.23:55112

Mutex

YdG4sJsjPfA4

Attributes

delay
3
install
true
install_file
nezur.exe
install_folder
%AppData%

aes.plain

Targets

- Target
  
  nezur.exe
- Size
  
  47KB
- MD5
  
  60ea224fad8adf65358117a39a4bd365
- SHA1
  
  1eb47f8bc6d41ef26915e1f5292a830b4060dd67
- SHA256
  
  a4d68abab530b30e8060ef2ded1bc57036ca53be7c3b5fbfdf62f65640ef82d9
- SHA512
  
  2ea92e0abaa49537eca5d6f834275679e02c426d68c29298118f2202a11798209a013ab82caaca1670d6192886945137af31b96ed91e6b654f04849dba9c1800
- SSDEEP
  
  768:IuGE1THwoPNWUtHT1MHmo2qz79WjIDfWEs7PIILiU0bMusLmNzg5DhcA5Avfc5nK:IuGE1THbF1m2MXfrILwbDsw05DhDa4nK
Score

10^/10

asyncrat default discovery rat
- AsyncRat
  AsyncRAT is designed to remotely monitor and control other computers written in C#.
  rat asyncrat
- Asyncrat family
  asyncrat
- Async RAT payload
  rat
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
behavioral1

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Scheduled Task/Job

Scheduled Task

Persistence

Scheduled Task/Job

Scheduled Task

Privilege Escalation

Scheduled Task/Job

Scheduled Task

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

ratdefaultasyncrat

behavioral1

asyncratdefaultdiscoveryrat