asyncrat | e64bf07778d6213ab62a2e94e764053d4378192b836715aa6552405de1e15832 | Triage

Sharing

General

Target

e64bf07778d6213ab62a2e94e764053d4378192b836715aa6552405de1e15832
Size

534KB
Sample

241121-yy9baawpey
MD5

9533800ff0c1ef9979f705d23d0a625a
SHA1

818521b032199079f6757cad27c3f5f073a131f6
SHA256

e64bf07778d6213ab62a2e94e764053d4378192b836715aa6552405de1e15832
SHA512

7f4866986310f3b20e5fdcd46f4cb61fb2d8d6c840457b77ffd1378a84901345b2e6a6b4864836eafd5b8f9764871c255feb88a0adf5b2cfee06962f403128ae
SSDEEP

12288:ZBBJwlsFlt4krssP9go6toOmpb0l65xraLr:5mibd1gbwpbW65x

Score

10^/10

asyncrat coke discovery rat

Malware Config

Extracted

Family

asyncrat

Version

0.5.8

Botnet

COKE

C2

quin.ydns.eu:1962

quin.ydns.eu:1940

185.38.142.240:1962

185.38.142.240:1940

Mutex

dLOEY8XRq1oB

Attributes

delay
3
install
false
install_file
windowsBook.exe
install_folder
%AppData%

aes.plain

Targets

- Target
  
  e64bf07778d6213ab62a2e94e764053d4378192b836715aa6552405de1e15832
- Size
  
  534KB
- MD5
  
  9533800ff0c1ef9979f705d23d0a625a
- SHA1
  
  818521b032199079f6757cad27c3f5f073a131f6
- SHA256
  
  e64bf07778d6213ab62a2e94e764053d4378192b836715aa6552405de1e15832
- SHA512
  
  7f4866986310f3b20e5fdcd46f4cb61fb2d8d6c840457b77ffd1378a84901345b2e6a6b4864836eafd5b8f9764871c255feb88a0adf5b2cfee06962f403128ae
- SSDEEP
  
  12288:ZBBJwlsFlt4krssP9go6toOmpb0l65xraLr:5mibd1gbwpbW65x
Score

10^/10

asyncrat coke discovery rat
- AsyncRat
  AsyncRAT is designed to remotely monitor and control other computers written in C#.
  rat asyncrat
- Asyncrat family
  asyncrat
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

asyncratcokediscoveryrat

behavioral2

asyncratcokediscoveryrat