asyncrat | ccdcd4e68e94bbe91802f665de9f2c4bbda2e03a0bca9bcb9364f87e6897f3a6 | Triage

Sharing

General

Target

file.ps1
Size

13.0MB
Sample

241130-rl6ajazpfp
MD5

6bff8e7fd44581cf0be3ae26a36e9ed3
SHA1

ba3d3e016de56977696e34d2931beb1f9812c958
SHA256

ccdcd4e68e94bbe91802f665de9f2c4bbda2e03a0bca9bcb9364f87e6897f3a6
SHA512

ebe61ebcb755e112f75e91c4b93f01d6cfa4a6485bdbb6e5ee51c26e219efea8f5939b804a66f513fa4d3cb5037dc2435839c6a07c435a006bb886c9b55f54ec
SSDEEP

49152:AU7wx68e4Kmfl3I7F3xuoEGCSFiRIrRHdbeI:

Score

10^/10

asyncrat default execution rat

Malware Config

Extracted

Family

asyncrat

Botnet

Default

C2

91.134.150.150:3232

Attributes

delay
1
install
false
install_folder
%AppData%

aes.plain

Targets

- Target
  
  file.ps1
- Size
  
  13.0MB
- MD5
  
  6bff8e7fd44581cf0be3ae26a36e9ed3
- SHA1
  
  ba3d3e016de56977696e34d2931beb1f9812c958
- SHA256
  
  ccdcd4e68e94bbe91802f665de9f2c4bbda2e03a0bca9bcb9364f87e6897f3a6
- SHA512
  
  ebe61ebcb755e112f75e91c4b93f01d6cfa4a6485bdbb6e5ee51c26e219efea8f5939b804a66f513fa4d3cb5037dc2435839c6a07c435a006bb886c9b55f54ec
- SSDEEP
  
  49152:AU7wx68e4Kmfl3I7F3xuoEGCSFiRIrRHdbeI:
Score

10^/10

execution asyncrat default rat
- AsyncRat
  AsyncRAT is designed to remotely monitor and control other computers written in C#.
  rat asyncrat
- Asyncrat family
  asyncrat
- Suspicious use of NtCreateUserProcessOtherParentProcess
- Async RAT payload
  rat
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Command and Scripting Interpreter

PowerShell

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2

asyncratdefaultexecutionrat