asyncrat | 18953637935c5dd79eeb9783f6d96fef1746fdd9cb5d3b449ef8f9a16af8758f | Triage

Sharing

General

Target

5795_output.zip
Size

33KB
Sample

241209-vr15jszmal
MD5

8d598e1e0fa7d043dfe708106eb8ecee
SHA1

3a08132e93c877a4ac72b065a32b765b131ccf2f
SHA256

18953637935c5dd79eeb9783f6d96fef1746fdd9cb5d3b449ef8f9a16af8758f
SHA512

b6b9da55f9a8cebc242436043875ee069e438590bfcd3849cb9f42bc99695c33fb7435a6908383f3040d24590ca0c35cd40ff816ad0501f50feea975fe9ea6c3
SSDEEP

768:8t2jLpSET7UCC3HXpfgy35R5/uYmLHmgAVORZOL/:a2jL8UUnZYa5RpkmgA8RZU/

Score

10^/10

asyncrat default discovery execution rat

Malware Config

Extracted

Family

asyncrat

Version

0.5.8

Botnet

Default

C2

87.120.113.125:55644

Mutex

WzRdrlEJS302

Attributes

delay
3
install
true
install_file
dwmm.exe
install_folder
%AppData%

aes.plain

Targets

- Target
  
  6890_output.vbs
- Size
  
  46KB
- MD5
  
  653bf44f38fbe35cb4a51a366cce85e1
- SHA1
  
  5f08110e8b8174d62eb8beb3d8eedf507dc6471c
- SHA256
  
  0442d85e2af50c1f41e7cbf46850a204cf7cfd49eb5f0244e8b60cc28c313c24
- SHA512
  
  ed5c78d769eed4667ce8cceb14af498fcf41c36db88e47611f2157708513955a188a9aa60404cb99f632ca2b10596dfad60df3a9320083b92da14529ebdded19
- SSDEEP
  
  768:msJNohJ2GoBFClzkP/TFYgZutKI/OLixhGpOQU40GmaXQq9+RfomiJrW7PuA9:mTWGsClzkmtKIxGp1UOmWYfomiKH
Score

10^/10

discovery execution asyncrat default rat
- AsyncRat
  AsyncRAT is designed to remotely monitor and control other computers written in C#.
  rat asyncrat
- Asyncrat family
  asyncrat
- Async RAT payload
  rat
- Blocklisted process makes network request
- Command and Scripting Interpreter: PowerShell
  Run Powershell and hide display window.
  execution
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Command and Scripting Interpreter: PowerShell
  Using powershell.exe command.
  execution
- Drops file in System32 directory
behavioral1 behavioral2 behavioral3 behavioral4

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Command and Scripting Interpreter

PowerShell

Scheduled Task/Job

Scheduled Task

Persistence

Scheduled Task/Job

Scheduled Task

Privilege Escalation

Scheduled Task/Job

Scheduled Task

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

discoveryexecution

behavioral2

asyncratdefaultdiscoveryexecutionrat

behavioral3

asyncratdefaultdiscoveryexecutionrat

behavioral4

asyncratdefaultdiscoveryexecutionrat