asyncrat | d21a63a1bcc5afdc0eb4b00e6b82af4bdf1f634e50d0d51001a4c27ac7f84379 | Triage

Sharing

General

Target

1E45D6ABB8FA749D0FDE3EADD586E637.exe
Size

258KB
Sample

241201-mtgjxstqbm
MD5

1e45d6abb8fa749d0fde3eadd586e637
SHA1

4a961b4a92fa3fb1265f729d18f2f0638cba018a
SHA256

d21a63a1bcc5afdc0eb4b00e6b82af4bdf1f634e50d0d51001a4c27ac7f84379
SHA512

58f30c478856230c16ae7bb8425e32e0dce23d927de1d7d4697400617609a3f5dfd9ceca98426b05e240ae515ba5408af569714c9d95e17652c0e83406762900
SSDEEP

3072:Xxjla5113NyCzPWYykCbXCfe8jtgszyAVibmbJ30U11xjZjsDQBxQh68:XZla513yAykOyG2gszyjm1EUTEDO

Score

10^/10

asyncrat default discovery rat

Malware Config

Extracted

Family

asyncrat

Version

0.5.7B

Botnet

Default

C2

2.56.179.212:4445

Mutex

AsyncMutex_6SI8OkPnk

Attributes

delay
3
install
true
install_file
THK.exe
install_folder
%AppData%

aes.plain

Targets

- Target
  
  1E45D6ABB8FA749D0FDE3EADD586E637.exe
- Size
  
  258KB
- MD5
  
  1e45d6abb8fa749d0fde3eadd586e637
- SHA1
  
  4a961b4a92fa3fb1265f729d18f2f0638cba018a
- SHA256
  
  d21a63a1bcc5afdc0eb4b00e6b82af4bdf1f634e50d0d51001a4c27ac7f84379
- SHA512
  
  58f30c478856230c16ae7bb8425e32e0dce23d927de1d7d4697400617609a3f5dfd9ceca98426b05e240ae515ba5408af569714c9d95e17652c0e83406762900
- SSDEEP
  
  3072:Xxjla5113NyCzPWYykCbXCfe8jtgszyAVibmbJ30U11xjZjsDQBxQh68:XZla513yAykOyG2gszyjm1EUTEDO
Score

10^/10

asyncrat default discovery rat
- AsyncRat
  AsyncRAT is designed to remotely monitor and control other computers written in C#.
  rat asyncrat
- Asyncrat family
  asyncrat
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Scheduled Task/Job

Scheduled Task

Persistence

Scheduled Task/Job

Scheduled Task

Privilege Escalation

Scheduled Task/Job

Scheduled Task

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

asyncratdefaultdiscoveryrat

behavioral2

asyncratdefaultdiscoveryrat