asyncrat | 3baeef9096ffe907a5df5191cacaf937fd6033eccefe1d75bda27824ae974643 | Triage

Sharing

General

Target

bwejhfzdg.exe
Size

47KB
Sample

241211-16fp2svmbl
MD5

6370fe41da82c0517f932c86d67a5186
SHA1

44785ae42dbb4259bb14a14f8fa4454d42bc97e6
SHA256

3baeef9096ffe907a5df5191cacaf937fd6033eccefe1d75bda27824ae974643
SHA512

274078f74c489cce1723385ea9b34e3c27b99834ff93447bd5a71ab09feb03bdcd78b03655a446d8ef3e37ced1a13dd7a19b0a4166cf10695da148c00d968832
SSDEEP

768:kuo9dT1LxHaFzWUfbmBmo2qbOp0yJxiWfQ3PIyAd0b3wkJr63Ps6vMSUBDZcx:kuo9dT1LoG23pTiWfVyjb3wkJ63Ps6Uw

Score

10^/10

asyncrat default discovery rat

Malware Config

Extracted

Family

asyncrat

Version

0.5.8

Botnet

Default

C2

127.0.0.1:6606

127.0.0.1:7707

127.0.0.1:8808

gba-all-twice-reputation.trycloudflare.com:6606

gba-all-twice-reputation.trycloudflare.com:7707

gba-all-twice-reputation.trycloudflare.com:8808

Mutex

PLYz880kniL1

Attributes

delay
3
install
true
install_file
roar.exe
install_folder
%AppData%

aes.plain

Targets

- Target
  
  bwejhfzdg.exe
- Size
  
  47KB
- MD5
  
  6370fe41da82c0517f932c86d67a5186
- SHA1
  
  44785ae42dbb4259bb14a14f8fa4454d42bc97e6
- SHA256
  
  3baeef9096ffe907a5df5191cacaf937fd6033eccefe1d75bda27824ae974643
- SHA512
  
  274078f74c489cce1723385ea9b34e3c27b99834ff93447bd5a71ab09feb03bdcd78b03655a446d8ef3e37ced1a13dd7a19b0a4166cf10695da148c00d968832
- SSDEEP
  
  768:kuo9dT1LxHaFzWUfbmBmo2qbOp0yJxiWfQ3PIyAd0b3wkJr63Ps6vMSUBDZcx:kuo9dT1LoG23pTiWfVyjb3wkJ63Ps6Uw
Score

10^/10

asyncrat default discovery rat
- AsyncRat
  AsyncRAT is designed to remotely monitor and control other computers written in C#.
  rat asyncrat
- Asyncrat family
  asyncrat
- Async RAT payload
  rat
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Scheduled Task/Job

Scheduled Task

Persistence

Scheduled Task/Job

Scheduled Task

Privilege Escalation

Scheduled Task/Job

Scheduled Task

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

ratdefaultasyncrat

behavioral1

asyncratdefaultdiscoveryrat

behavioral2

asyncratdefaultdiscoveryrat