asyncrat | 60d1e55a7d30437b3763f34ec2fad55fc02d92a93d54c64a9972dfe0dd019826 | Triage

Sharing

General

Target

update.cmd
Size

60KB
Sample

241130-sapdbawqhx
MD5

25821577dc3c4fb26ad9459e6ea11c30
SHA1

c0ee3c0991cfddc2a1f0c7b339da2c23624783fe
SHA256

60d1e55a7d30437b3763f34ec2fad55fc02d92a93d54c64a9972dfe0dd019826
SHA512

02f0baf1f78ad6ce4f75742e27a3e33cf9d52d184fcb6837d95f8e1a94ff08dad448122a6e71a68b4bfa0f05abf18fb4a159bc531d9f777afd34b285178d84c1
SSDEEP

1536:0RmcRy63BbIxxrQSAQz9mu45kjqrNM3zLX20SiJUmstIDsc9a8K7Jm:0RjVBQ5A49QrrNuzLXMiJU5tIDpgj7U

Score

10^/10

asyncrat default execution rat

Malware Config

Extracted

Family

asyncrat

Botnet

Default

C2

91.134.150.150:3232

Attributes

delay
1
install
false
install_folder
%AppData%

aes.plain

Targets

- Target
  
  update.cmd
- Size
  
  60KB
- MD5
  
  25821577dc3c4fb26ad9459e6ea11c30
- SHA1
  
  c0ee3c0991cfddc2a1f0c7b339da2c23624783fe
- SHA256
  
  60d1e55a7d30437b3763f34ec2fad55fc02d92a93d54c64a9972dfe0dd019826
- SHA512
  
  02f0baf1f78ad6ce4f75742e27a3e33cf9d52d184fcb6837d95f8e1a94ff08dad448122a6e71a68b4bfa0f05abf18fb4a159bc531d9f777afd34b285178d84c1
- SSDEEP
  
  1536:0RmcRy63BbIxxrQSAQz9mu45kjqrNM3zLX20SiJUmstIDsc9a8K7Jm:0RjVBQ5A49QrrNuzLXMiJU5tIDpgj7U
Score

10^/10

asyncrat default execution rat
- AsyncRat
  AsyncRAT is designed to remotely monitor and control other computers written in C#.
  rat asyncrat
- Asyncrat family
  asyncrat
- Async RAT payload
  rat
- Blocklisted process makes network request
- Command and Scripting Interpreter: PowerShell
  Run Powershell and hide display window.
  execution
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Command and Scripting Interpreter

PowerShell

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2

asyncratdefaultexecutionrat