asyncrat | f119af94e527030335c30655a23723fc9d62b8ea854968245add5237789bd766 | Triage

Sharing

General

Target

Infected.exe
Size

640KB
Sample

241204-d5z1zazmgy
MD5

1584a5810de6bfc7c3dff164710e0138
SHA1

e9923c7954ff83bb2bc82e04ee9857adcdfc23eb
SHA256

f119af94e527030335c30655a23723fc9d62b8ea854968245add5237789bd766
SHA512

07267af21244580cdeb22163c7bb25852f65454e36f6668123d003f60cb31338b4888cb9b849e8959b5509ee659a7128f1e896ea7a8d995d7a79a15a3f4b8d04
SSDEEP

12288:xyveQB/fTHIGaPkKEYzURNAwbAgB2X+t4vBQX/g+mFaaj22:xuDXTIGaPhEYzUzA0/0vBbjT

Score

10^/10

asyncrat default execution rat

Malware Config

Extracted

Family

asyncrat

Botnet

Default

C2

127.0.0.1:37754

tcp://nasdnasnd-55496.portmap.host:55496:37754

tcp://nasdnasnd-55496.portmap.host:37754

floor-getting.gl.at.ply.gg:37754

Attributes

delay
1
install
false
install_folder
%AppData%

aes.plain

Targets

- Target
  
  Infected.exe
- Size
  
  640KB
- MD5
  
  1584a5810de6bfc7c3dff164710e0138
- SHA1
  
  e9923c7954ff83bb2bc82e04ee9857adcdfc23eb
- SHA256
  
  f119af94e527030335c30655a23723fc9d62b8ea854968245add5237789bd766
- SHA512
  
  07267af21244580cdeb22163c7bb25852f65454e36f6668123d003f60cb31338b4888cb9b849e8959b5509ee659a7128f1e896ea7a8d995d7a79a15a3f4b8d04
- SSDEEP
  
  12288:xyveQB/fTHIGaPkKEYzURNAwbAgB2X+t4vBQX/g+mFaaj22:xuDXTIGaPhEYzUzA0/0vBbjT
Score

10^/10

execution asyncrat default rat
- AsyncRat
  AsyncRAT is designed to remotely monitor and control other computers written in C#.
  rat asyncrat
- Asyncrat family
  asyncrat
- Async RAT payload
  rat
- Blocklisted process makes network request
- Command and Scripting Interpreter: PowerShell
  Run Powershell and hide display window.
  execution
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Command and Scripting Interpreter

PowerShell

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2

asyncratdefaultexecutionrat