asyncrat | 2432d3c26f9cc527403a4fc1f6a7d8a9e8646cc220660fa408cf8613de7b7001 | Triage

Sharing

General

Target

2432d3c26f9cc527403a4fc1f6a7d8a9e8646cc220660fa408cf8613de7b7001
Size

48KB
Sample

241117-s396gstakd
MD5

cf34ddd4811d4dc055b8d5cd133af1fc
SHA1

cdb3c5623ed5c9732b1d49a43e61873d86ea87b3
SHA256

2432d3c26f9cc527403a4fc1f6a7d8a9e8646cc220660fa408cf8613de7b7001
SHA512

2537eff86dcf84862257e90631192c3b2af4077e54343143a1ada14c40c37a31492877f33ffc12b0505eede1972f4fb986d4e672b53397a96e447b281f17db8b
SSDEEP

768:SuwpFTAY3IQWUe9jqmo2qLEhVDBNwGqrFPIuY29RzTw0bPb9s4RVy5zPCAuBDZog:SuwpFTA4/2/DYGLuY2LbPps4OtC/dog

Score

10^/10

asyncrat default discovery rat

Malware Config

Extracted

Family

asyncrat

Version

0.5.8

Botnet

Default

C2

mtf.wiki:6606

mtf.wiki:7707

mtf.wiki:8808

Mutex

5fMCOVMxE37C

Attributes

delay
3
install
true
install_file
mtfwiki.exe
install_folder
%AppData%

aes.plain

Targets

- Target
  
  2432d3c26f9cc527403a4fc1f6a7d8a9e8646cc220660fa408cf8613de7b7001
- Size
  
  48KB
- MD5
  
  cf34ddd4811d4dc055b8d5cd133af1fc
- SHA1
  
  cdb3c5623ed5c9732b1d49a43e61873d86ea87b3
- SHA256
  
  2432d3c26f9cc527403a4fc1f6a7d8a9e8646cc220660fa408cf8613de7b7001
- SHA512
  
  2537eff86dcf84862257e90631192c3b2af4077e54343143a1ada14c40c37a31492877f33ffc12b0505eede1972f4fb986d4e672b53397a96e447b281f17db8b
- SSDEEP
  
  768:SuwpFTAY3IQWUe9jqmo2qLEhVDBNwGqrFPIuY29RzTw0bPb9s4RVy5zPCAuBDZog:SuwpFTA4/2/DYGLuY2LbPps4OtC/dog
Score

10^/10

asyncrat default discovery rat
- AsyncRat
  AsyncRAT is designed to remotely monitor and control other computers written in C#.
  rat asyncrat
- Asyncrat family
  asyncrat
- Async RAT payload
  rat
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Loads dropped DLL
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Scheduled Task/Job

Scheduled Task

Persistence

Scheduled Task/Job

Scheduled Task

Privilege Escalation

Scheduled Task/Job

Scheduled Task

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

ratdefaultasyncrat

behavioral1

asyncratdefaultdiscoveryrat

behavioral2

asyncratdefaultdiscoveryrat