asyncrat | 3264d80b841271f4c5da008feb2b11ba2e5702ad8bed7751d8a53883f75d1738 | Triage

Sharing

General

Target

3264d80b841271f4c5da008feb2b11ba2e5702ad8bed7751d8a53883f75d1738
Size

261KB
Sample

241205-zvrgqs1re1
MD5

9206cb7b2e14f4801a597894a156b8e5
SHA1

c0a84cb768f5848b83fafd0f3b7313a60d0cec9a
SHA256

3264d80b841271f4c5da008feb2b11ba2e5702ad8bed7751d8a53883f75d1738
SHA512

1aabb8ef8b18d49baf39f0fe65b941f7ac02dc6fb2bd4cddc86e1bb889cf745fd7de980bfe96365ccdc0a168fb4424c6edbd724b50f265303dd812a44b1b830a
SSDEEP

6144:vuEat9Zl5bubNNUXeEdQ2BHyaUFRwFCX0hVt:v8lOafLRmFaCmt

Score

10^/10

asyncrat default discovery rat

Malware Config

Extracted

Family

asyncrat

Version

0.5.8

Botnet

Default

C2

chela.ddns.net:1177

Mutex

CF6aV8bVJb6I

Attributes

delay
3
install
true
install_file
AyoubHDJ04.exe
install_folder
%AppData%

aes.plain

Targets

- Target
  
  3264d80b841271f4c5da008feb2b11ba2e5702ad8bed7751d8a53883f75d1738
- Size
  
  261KB
- MD5
  
  9206cb7b2e14f4801a597894a156b8e5
- SHA1
  
  c0a84cb768f5848b83fafd0f3b7313a60d0cec9a
- SHA256
  
  3264d80b841271f4c5da008feb2b11ba2e5702ad8bed7751d8a53883f75d1738
- SHA512
  
  1aabb8ef8b18d49baf39f0fe65b941f7ac02dc6fb2bd4cddc86e1bb889cf745fd7de980bfe96365ccdc0a168fb4424c6edbd724b50f265303dd812a44b1b830a
- SSDEEP
  
  6144:vuEat9Zl5bubNNUXeEdQ2BHyaUFRwFCX0hVt:v8lOafLRmFaCmt
Score

10^/10

asyncrat default discovery rat
- AsyncRat
  AsyncRAT is designed to remotely monitor and control other computers written in C#.
  rat asyncrat
- Asyncrat family
  asyncrat
- Async RAT payload
  rat
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Loads dropped DLL
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Scheduled Task/Job

Scheduled Task

Persistence

Scheduled Task/Job

Scheduled Task

Privilege Escalation

Scheduled Task/Job

Scheduled Task

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

ratdefaultasyncrat

behavioral1

asyncratdefaultdiscoveryrat

behavioral2

asyncratdefaultdiscoveryrat