asyncrat | 3c84eb6288d0e34439ff33bf52446d8d24651f57d1da51e1dd0de3c9a8e3b9ca | Triage

Sharing

General

Target

3c84eb6288d0e34439ff33bf52446d8d24651f57d1da51e1dd0de3c9a8e3b9ca.exe
Size

491KB
Sample

241122-ld1gestqek
MD5

12d200d7d82b3c47cd702cb09f7424fa
SHA1

2da9a07a081dcd9cf68bfebf39ab6ca0a22bae76
SHA256

3c84eb6288d0e34439ff33bf52446d8d24651f57d1da51e1dd0de3c9a8e3b9ca
SHA512

b418ca46bfe47eee7b8c5da29d0a80113c6264ba282e4c78783e870fc241ab431cb8427a2723f63a9749cd2b766405acf997c85501e4a18f17484d40c3f4f8c5
SSDEEP

12288:byrjnZPxkyx8gmoYSZtIEOZU8HocYnKrTSOk:baPx9dtIEOZU+ochGD

Score

10^/10

asyncrat default discovery rat

Malware Config

Extracted

Family

asyncrat

Version

1.0.7

Botnet

Default

C2

202.55.133.118:5200

Mutex

DcRatMutex_qwqdanchun

Attributes

delay
1
install
false
install_folder
%AppData%

aes.plain

Targets

- Target
  
  3c84eb6288d0e34439ff33bf52446d8d24651f57d1da51e1dd0de3c9a8e3b9ca.exe
- Size
  
  491KB
- MD5
  
  12d200d7d82b3c47cd702cb09f7424fa
- SHA1
  
  2da9a07a081dcd9cf68bfebf39ab6ca0a22bae76
- SHA256
  
  3c84eb6288d0e34439ff33bf52446d8d24651f57d1da51e1dd0de3c9a8e3b9ca
- SHA512
  
  b418ca46bfe47eee7b8c5da29d0a80113c6264ba282e4c78783e870fc241ab431cb8427a2723f63a9749cd2b766405acf997c85501e4a18f17484d40c3f4f8c5
- SSDEEP
  
  12288:byrjnZPxkyx8gmoYSZtIEOZU8HocYnKrTSOk:baPx9dtIEOZU+ochGD
Score

10^/10

asyncrat default discovery rat
- AsyncRat
  AsyncRAT is designed to remotely monitor and control other computers written in C#.
  rat asyncrat
- Asyncrat family
  asyncrat
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Scheduled Task/Job

Scheduled Task

Persistence

Scheduled Task/Job

Scheduled Task

Privilege Escalation

Scheduled Task/Job

Scheduled Task

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

asyncratdefaultdiscoveryrat

behavioral2

asyncratdefaultdiscoveryrat