asyncrat | 86ece09ea423f5fb3b176abcafdc0a38b6854b030918bb7341a65b2857481f6f | Triage

Sharing

General

Target

ryetool.exe
Size

12.3MB
Sample

241207-qfnb4atjgs
MD5

d584ab9351c9d9bfacd84e17b5eed194
SHA1

5218aed4e0a2ec12d6a85fa1ab61454b6dbe4f6e
SHA256

86ece09ea423f5fb3b176abcafdc0a38b6854b030918bb7341a65b2857481f6f
SHA512

452cb0759ab86af2f92395fdf59c221ba940d048664c8a5884bb0b541ad3179265e1c93fe89a034d0b9b0696b93dbf0937d00cb9f8cb2516ddcec779ba7645d0
SSDEEP

393216:8Sa2mgNe/2js3U8G2JJGzJxJhddkOnxsjM6WctX0Nw:8Sa2m+e/2+U8G2JJ8xfvsjM6/pGw

Score

10^/10

asyncrat default persistence rat

Malware Config

Extracted

Family

asyncrat

Version

1.0.7

Botnet

Default

C2

fojeweb571-45302.portmap.host:4782

fojeweb571-45302.portmap.host:45302

Mutex

DcRatMutex_qwqdanchun

Attributes

delay
1
install
true
install_file
windows defender firewall.exe
install_folder
%AppData%

aes.plain

Targets

- Target
  
  ryetool.exe
- Size
  
  12.3MB
- MD5
  
  d584ab9351c9d9bfacd84e17b5eed194
- SHA1
  
  5218aed4e0a2ec12d6a85fa1ab61454b6dbe4f6e
- SHA256
  
  86ece09ea423f5fb3b176abcafdc0a38b6854b030918bb7341a65b2857481f6f
- SHA512
  
  452cb0759ab86af2f92395fdf59c221ba940d048664c8a5884bb0b541ad3179265e1c93fe89a034d0b9b0696b93dbf0937d00cb9f8cb2516ddcec779ba7645d0
- SSDEEP
  
  393216:8Sa2mgNe/2js3U8G2JJGzJxJhddkOnxsjM6WctX0Nw:8Sa2m+e/2+U8G2JJ8xfvsjM6/pGw
Score

10^/10

asyncrat default persistence rat
- AsyncRat
  AsyncRAT is designed to remotely monitor and control other computers written in C#.
  rat asyncrat
- Asyncrat family
  asyncrat
- Async RAT payload
  rat
- Executes dropped EXE
- Adds Run key to start application
  persistence
behavioral1

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Scheduled Task/Job

Scheduled Task

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Scheduled Task/Job

Scheduled Task

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Scheduled Task/Job

Scheduled Task

Defense Evasion

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

asyncratdefaultpersistencerat