asyncrat | 65b18e0843829b1d85ce47307aba784ee659a2e2a164c584155211d764bb4ec3 | Triage

Submit
Reports

Overview

overview

Static

static

1

loader.bat

windows10-2004-x64

Sharing

General

Target

loader.bat
Size

540B
Sample

241127-vvwdgaspdw
MD5

a589333e5f49d10e2f2cad3f7315db41
SHA1

37c5bea8569e3bfd0caece0b8d88d817eab73e16
SHA256

65b18e0843829b1d85ce47307aba784ee659a2e2a164c584155211d764bb4ec3
SHA512

6b73eccb11430d34b4e74074a050985ee3211751b8e7bd50d94afc55b4b7e54f33f85f98e5f460278675368984169c02d7feb9eccc9284844901147ddb75544a

Score

10^/10

asyncrat default discovery execution rat

Static task

static1

Behavioral task

behavioral1

Sample

loader.bat

Resource

win10v2004-20241007-en

asyncrat default discovery execution rat

windows10-2004-x64

21 signatures

150 seconds

Malware Config

Extracted

Family

asyncrat

Botnet

Default

C2

one-accordance.gl.at.ply.gg:9590

Attributes

delay
1
install
true
install_file
Windows Defender.exe
install_folder
%AppData%

aes.plain

Extracted

Family

asyncrat

Version

0.5.8

Botnet

Default

C2

66.66.146.74:9511

Mutex

nwJFeGdDXcL2

Attributes

delay
3
install
true
install_file
System32.exe
install_folder
%AppData%

aes.plain

Targets

- Target
  
  loader.bat
- Size
  
  540B
- MD5
  
  a589333e5f49d10e2f2cad3f7315db41
- SHA1
  
  37c5bea8569e3bfd0caece0b8d88d817eab73e16
- SHA256
  
  65b18e0843829b1d85ce47307aba784ee659a2e2a164c584155211d764bb4ec3
- SHA512
  
  6b73eccb11430d34b4e74074a050985ee3211751b8e7bd50d94afc55b4b7e54f33f85f98e5f460278675368984169c02d7feb9eccc9284844901147ddb75544a
Score

10^/10

asyncrat default discovery execution rat
- AsyncRat
  AsyncRAT is designed to remotely monitor and control other computers written in C#.
  rat asyncrat
- Asyncrat family
  asyncrat
- Async RAT payload
  rat
- Blocklisted process makes network request
- Command and Scripting Interpreter: PowerShell
  Powershell Invoke Web Request.
  execution
- Downloads MZ/PE file
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
behavioral1

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Command and Scripting Interpreter

PowerShell

Scheduled Task/Job

Scheduled Task

Persistence

Scheduled Task/Job

Scheduled Task

Privilege Escalation

Scheduled Task/Job

Scheduled Task

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

Query Registry

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

asyncratdefaultdiscoveryexecutionrat

© 2018-2024

Terms | Privacy