asyncrat | 2e9e0f2d4fc1c4013bf3d1db520d1d87e2afc58731755a7558d4d18fe983629a | Triage

Sharing

General

Target

loader.ps1
Size

11.3MB
Sample

241130-r6bxes1kgr
MD5

d924535764653d4d497f8108eb3a73f6
SHA1

159965b3bb13b8b5342e5c066f0730c01f686ec4
SHA256

2e9e0f2d4fc1c4013bf3d1db520d1d87e2afc58731755a7558d4d18fe983629a
SHA512

e3ad61e714379c67a11fc8b67685bfe869683af28b6b76b6153c1ca6d9a3bb21cb82bc33a2e1b692950efc6d1360b7d2ef96060f7ffe79787b03ed734ba95d8a
SSDEEP

49152:im53RCZEQc0OznnfCUm4vRVjSfvCdDVuO2dXERKmW:0

Score

10^/10

asyncrat default execution rat

Malware Config

Extracted

Family

asyncrat

Botnet

Default

C2

91.92.252.234:3232

Attributes

delay
1
install
false
install_folder
%AppData%

aes.plain

Targets

- Target
  
  loader.ps1
- Size
  
  11.3MB
- MD5
  
  d924535764653d4d497f8108eb3a73f6
- SHA1
  
  159965b3bb13b8b5342e5c066f0730c01f686ec4
- SHA256
  
  2e9e0f2d4fc1c4013bf3d1db520d1d87e2afc58731755a7558d4d18fe983629a
- SHA512
  
  e3ad61e714379c67a11fc8b67685bfe869683af28b6b76b6153c1ca6d9a3bb21cb82bc33a2e1b692950efc6d1360b7d2ef96060f7ffe79787b03ed734ba95d8a
- SSDEEP
  
  49152:im53RCZEQc0OznnfCUm4vRVjSfvCdDVuO2dXERKmW:0
Score

10^/10

execution asyncrat default rat
- AsyncRat
  AsyncRAT is designed to remotely monitor and control other computers written in C#.
  rat asyncrat
- Asyncrat family
  asyncrat
- Suspicious use of NtCreateUserProcessOtherParentProcess
- Async RAT payload
  rat
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Command and Scripting Interpreter

PowerShell

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2

asyncratdefaultexecutionrat