asyncrat | 1034cb1effff3e411b07d3d8a318b5b6d4164d3feea9151c857715abd8ee2f9e | Triage

Sharing

General

Target

6074_8vommonq.zip
Size

38KB
Sample

241209-y4b8qsvmfm
MD5

5ae66a1c13cda3a2e323258cb6295a06
SHA1

4ba241d78a46391c6e886067e355eee6a99383d9
SHA256

1034cb1effff3e411b07d3d8a318b5b6d4164d3feea9151c857715abd8ee2f9e
SHA512

a6dc7b07e5eff78c2bbf36155287f86195b2647a38cb7c18b6c9541edee00c24907eb9266136e3d52456d56399c402c4ac194c313a33e83a3d6bdcc2414be809
SSDEEP

768:nswuYRk2VMoBX09m5N1TqUnY92W+e17i01hLNtNqVE6mUSNxU10:swbRktoBCmtTcdXtNfDbP

Score

10^/10

asyncrat default discovery execution rat

Malware Config

Extracted

Family

asyncrat

Version

0.5.8

Botnet

Default

C2

jt8iyre.localto.net:55644

jt8iyre.localto.net:2101

Mutex

WzRdrlEJS302

Attributes

delay
3
install
false
install_file
dwmm.exe
install_folder
%AppData%

aes.plain

Targets

- Target
  
  1821_output.vbs
- Size
  
  61KB
- MD5
  
  6943e4c37b93c2a81a98a81e36d2d5ce
- SHA1
  
  ad2ba17165344f88b6bf0befaac528feb8a3280f
- SHA256
  
  57bf3620d73728f07bed5cd48af70ca89dc70721b62c084f5f0feebed7f81a4f
- SHA512
  
  78034880a195d5dc7729a6c7631a660f9945dd368a86b50b458e70e0191a7953ba47435c242c94ce8548832e4920e08949fcb1aa099d5d7b927da9bc9b69cf80
- SSDEEP
  
  768:ni1+nYY2MDjo2CLlIbkrMvrIzkoILj2AA3drdg8KCklQCdUq13ZZIwX+Ay6Iwcgh:iXvlIkgvrWC3ASCk0q13HX+C9czhG
Score

10^/10

asyncrat default discovery execution rat
- AsyncRat
  AsyncRAT is designed to remotely monitor and control other computers written in C#.
  rat asyncrat
- Asyncrat family
  asyncrat
- Async RAT payload
  rat
- Blocklisted process makes network request
- Command and Scripting Interpreter: PowerShell
  Run Powershell and hide display window.
  execution
- Command and Scripting Interpreter: PowerShell
  Using powershell.exe command.
  execution
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Drops file in System32 directory
behavioral1 behavioral2 behavioral3 behavioral4 behavioral5

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Command and Scripting Interpreter

PowerShell

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

asyncratdefaultdiscoveryexecutionrat

behavioral2

discoveryexecution

behavioral3

asyncratdefaultdiscoveryexecutionrat

behavioral4

asyncratdefaultdiscoveryexecutionrat

behavioral5

discoveryexecution