asyncrat | 57788c4dea47651247787df503d94a022acd05003dc02b3575ffd80ccfc9a9b6 | Triage

Sharing

General

Target

fuck triage.exe
Size

63KB
Sample

241118-cwccwawfqr
MD5

ecc1a6d24ab60e9544616a5ad925d1ef
SHA1

4ce8ba32d84fe862264926efb49d031561c86729
SHA256

57788c4dea47651247787df503d94a022acd05003dc02b3575ffd80ccfc9a9b6
SHA512

56c6d225b7af0fc17fdc233efe9d2c08cba3e44a9020ee9d39ffe84bb688683ad3dfe6b9439bb6abba09449ec691cd314b78ae390140d8cec06e91e0eab00bab
SSDEEP

768:ym0vnfEXf78awC8A+XUlJ5EY9Vmkn1+T47SBGumDbDSph0oXj93pugsSu8dpqKYC:aEXi29gdUb0h9jHuOu8dpqKmY7

Score

10^/10

asyncrat default discovery evasion execution persistence ransomware rat trojan

Malware Config

Extracted

Family

asyncrat

Botnet

Default

C2

who-gabriel.gl.at.ply.gg:8000

who-gabriel.gl.at.ply.gg:45700

Attributes

delay
1
install
false
install_folder
%AppData%

aes.plain

Targets

- Target
  
  fuck triage.exe
- Size
  
  63KB
- MD5
  
  ecc1a6d24ab60e9544616a5ad925d1ef
- SHA1
  
  4ce8ba32d84fe862264926efb49d031561c86729
- SHA256
  
  57788c4dea47651247787df503d94a022acd05003dc02b3575ffd80ccfc9a9b6
- SHA512
  
  56c6d225b7af0fc17fdc233efe9d2c08cba3e44a9020ee9d39ffe84bb688683ad3dfe6b9439bb6abba09449ec691cd314b78ae390140d8cec06e91e0eab00bab
- SSDEEP
  
  768:ym0vnfEXf78awC8A+XUlJ5EY9Vmkn1+T47SBGumDbDSph0oXj93pugsSu8dpqKYC:aEXi29gdUb0h9jHuOu8dpqKmY7
Score

10^/10

asyncrat default discovery evasion execution persistence ransomware rat trojan
- AsyncRat
  AsyncRAT is designed to remotely monitor and control other computers written in C#.
  rat asyncrat
- Asyncrat family
  asyncrat
- Modifies WinLogon for persistence
  persistence
- UAC bypass
  evasion trojan
- Disables RegEdit via registry modification
  evasion
- Executes dropped EXE
- Checks whether UAC is enabled
  evasion trojan
- Drops desktop.ini file(s)
- Modifies WinLogon
  persistence
- Command and Scripting Interpreter: PowerShell
  Start PowerShell.
  execution
- Sets desktop wallpaper using registry
  ransomware
behavioral1

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Command and Scripting Interpreter

PowerShell

Persistence

Boot or Logon Autostart Execution

Winlogon Helper DLL

Privilege Escalation

Abuse Elevation Control Mechanism

Bypass User Account Control

Boot or Logon Autostart Execution

Winlogon Helper DLL

Defense Evasion

Abuse Elevation Control Mechanism

Bypass User Account Control

Impair Defenses

Disable or Modify Tools

Modify Registry

Credential Access

Discovery

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Defacement

Tasks

static1

ratdefaultasyncrat

behavioral1

asyncratdefaultdiscoveryevasionexecutionpersistenceransomwarerattrojan