asyncrat | f14b7f876ecb5bacc5120e1668553999859ebffa1ac170f41534bc57b81ed56f | Triage

Sharing

General

Target

f14b7f876ecb5bacc5120e1668553999859ebffa1ac170f41534bc57b81ed56f.exe
Size

198KB
Sample

241210-13g4ps1qf1
MD5

70c1d5995250531aa6424855ccedab50
SHA1

298289d4dff379409672e646b3cdd2b8672fe491
SHA256

f14b7f876ecb5bacc5120e1668553999859ebffa1ac170f41534bc57b81ed56f
SHA512

a978d3e4da9a8a571bea71866f9642947ac20466279f08b7dd16082ad41722a4f312e8442dd2e5df13fff749b75c16b5541d6b472d6bfeb3956a3d20fe12c81a
SSDEEP

3072:GZxOh04NBEUvgRvI+yh5pbX7S+t4Cekw3nSGsQ8c4IgzW8L7hdpQ:GjwPNBEsUZyvtX7S+CV3S4ay8L7hg

Score

10^/10

asyncrat default discovery rat

Malware Config

Extracted

Family

asyncrat

Version

1.0.7

Botnet

Default

C2

192.168.1.104:8848

Mutex

DcRatMutex_qwqdanchun

Attributes

delay
1
install
false
install_folder
%AppData%

aes.plain

Targets

- Target
  
  f14b7f876ecb5bacc5120e1668553999859ebffa1ac170f41534bc57b81ed56f.exe
- Size
  
  198KB
- MD5
  
  70c1d5995250531aa6424855ccedab50
- SHA1
  
  298289d4dff379409672e646b3cdd2b8672fe491
- SHA256
  
  f14b7f876ecb5bacc5120e1668553999859ebffa1ac170f41534bc57b81ed56f
- SHA512
  
  a978d3e4da9a8a571bea71866f9642947ac20466279f08b7dd16082ad41722a4f312e8442dd2e5df13fff749b75c16b5541d6b472d6bfeb3956a3d20fe12c81a
- SSDEEP
  
  3072:GZxOh04NBEUvgRvI+yh5pbX7S+t4Cekw3nSGsQ8c4IgzW8L7hdpQ:GjwPNBEsUZyvtX7S+CV3S4ay8L7hg
Score

10^/10

asyncrat default discovery rat
- AsyncRat
  AsyncRAT is designed to remotely monitor and control other computers written in C#.
  rat asyncrat
- Asyncrat family
  asyncrat
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2

asyncratdefaultdiscoveryrat