asyncrat | 631f9e498289dbc6c16e5dd35c516641016e0f0169bc422cb4f8114a78b25730 | Triage

Sharing

General

Target

631f9e498289dbc6c16e5dd35c516641016e0f0169bc422cb4f8114a78b25730.exe
Size

63KB
Sample

241121-yvd1za1jdr
MD5

1636769fc06d9392049e48f3774517fe
SHA1

1bd081c4546bf97630aba694500c449fd4d15b4b
SHA256

631f9e498289dbc6c16e5dd35c516641016e0f0169bc422cb4f8114a78b25730
SHA512

8f3c068ff1a5a4be901cad60517f9ada23905d4726435a575a259dd29e9f9b94d447f85933044600ef5afd9607e3fb980ca6d7c32c6237291dcd065ec615b08d
SSDEEP

1536:PmImx6tX2kNff4sKu+UYFv0DQgb1APVmIcrPlTGBxK:Pm9x6tmkN7Ku+UYFfgb16mIcd6xK

Score

10^/10

asyncrat *** 19 nov ***discovery rat spyware stealer

Malware Config

Extracted

Family

asyncrat

Version

| CRACKED BY https://t.me/xworm_v2

Botnet

*** 19 NOV ***

C2

19nov2024.duckdns.org:9003

Mutex

AsyncMutex_6SI8OkPnk

Attributes

delay
3
install
false
install_folder
%AppData%

aes.plain

Targets

- Target
  
  631f9e498289dbc6c16e5dd35c516641016e0f0169bc422cb4f8114a78b25730.exe
- Size
  
  63KB
- MD5
  
  1636769fc06d9392049e48f3774517fe
- SHA1
  
  1bd081c4546bf97630aba694500c449fd4d15b4b
- SHA256
  
  631f9e498289dbc6c16e5dd35c516641016e0f0169bc422cb4f8114a78b25730
- SHA512
  
  8f3c068ff1a5a4be901cad60517f9ada23905d4726435a575a259dd29e9f9b94d447f85933044600ef5afd9607e3fb980ca6d7c32c6237291dcd065ec615b08d
- SSDEEP
  
  1536:PmImx6tX2kNff4sKu+UYFv0DQgb1APVmIcrPlTGBxK:Pm9x6tmkN7Ku+UYFfgb16mIcd6xK
Score

10^/10

asyncrat *** 19 nov ***discovery rat spyware stealer
- AsyncRat
  AsyncRAT is designed to remotely monitor and control other computers written in C#.
  rat asyncrat
- Asyncrat family
  asyncrat
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Credentials from Password Stores

Credentials from Web Browsers

Unsecured Credentials

Credentials In Files

Discovery

Peripheral Device Discovery

Query Registry

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Data from Local System

Command and Control

Exfiltration

Impact

Tasks

static1

rat*** 19 nov ***asyncrat

behavioral1

asyncrat*** 19 nov ***discoveryratspywarestealer

behavioral2

asyncrat*** 19 nov ***discoveryratspywarestealer