asyncrat | bac0b67b6a6ffaea1aa1cd97802e9e7f45f6ab68f60dc4ebd71f943848530838 | Triage

Sharing

General

Target

bac0b67b6a6ffaea1aa1cd97802e9e7f45f6ab68f60dc4ebd71f943848530838.bat
Size

14KB
Sample

241209-c9ep6atlap
MD5

7d4fd0768b8cba2af39bf88ba789e27a
SHA1

31315e8bc69d8ff9d3764071b0c9def830dabf58
SHA256

bac0b67b6a6ffaea1aa1cd97802e9e7f45f6ab68f60dc4ebd71f943848530838
SHA512

101971fafe90fa9e703bb4d62208f984fe3162044bf30b2ed16f5cd9dc16d2e9a9770fccd37cfee3796b4f222035418dc0ab79df1a99faeb385889341972c754
SSDEEP

192:7xM/+aHdczpj/j3TG996TG1lyXuMFtOxHlsTdEKxnH9ONGUe7FQGIAAApkF32GAI:7xa9e/zw96TG1uWxFtqHtF0YnMF

Score

10^/10

asyncrat default discovery execution rat

Malware Config

Extracted

Family

asyncrat

Version

1.0.7

Botnet

Default

C2

103.125.189.155:8848

Mutex

DcRatMutex_adxzvxv

Attributes

delay
1
install
false
install_folder
%AppData%

aes.plain

Targets

- Target
  
  bac0b67b6a6ffaea1aa1cd97802e9e7f45f6ab68f60dc4ebd71f943848530838.bat
- Size
  
  14KB
- MD5
  
  7d4fd0768b8cba2af39bf88ba789e27a
- SHA1
  
  31315e8bc69d8ff9d3764071b0c9def830dabf58
- SHA256
  
  bac0b67b6a6ffaea1aa1cd97802e9e7f45f6ab68f60dc4ebd71f943848530838
- SHA512
  
  101971fafe90fa9e703bb4d62208f984fe3162044bf30b2ed16f5cd9dc16d2e9a9770fccd37cfee3796b4f222035418dc0ab79df1a99faeb385889341972c754
- SSDEEP
  
  192:7xM/+aHdczpj/j3TG996TG1lyXuMFtOxHlsTdEKxnH9ONGUe7FQGIAAApkF32GAI:7xa9e/zw96TG1uWxFtqHtF0YnMF
Score

10^/10

execution asyncrat default discovery rat
- AsyncRat
  AsyncRAT is designed to remotely monitor and control other computers written in C#.
  rat asyncrat
- Asyncrat family
  asyncrat
- Blocklisted process makes network request
- Command and Scripting Interpreter: PowerShell
  Using powershell.exe command.
  execution
- Drops startup file
- Legitimate hosting services abused for malware hosting/C2
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Command and Scripting Interpreter

PowerShell

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Web Service

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2

asyncratdefaultdiscoveryexecutionrat