asyncrat | 7c7156bffa25093c47c8d5515b9420f3b02a3d466ba9a564d440f0cc06969ab9 | Triage

Sharing

General

Target

7c7156bffa25093c47c8d5515b9420f3b02a3d466ba9a564d440f0cc06969ab9.exe.vir
Size

15.8MB
Sample

241211-btgn5stlgl
MD5

db5818c5d7a25382f53f6f961b5d04f5
SHA1

fe5f8cfd8adf3297a2dd883951ed84af9058721d
SHA256

7c7156bffa25093c47c8d5515b9420f3b02a3d466ba9a564d440f0cc06969ab9
SHA512

1b1e3b124dba5666b3e04942b8306836b608fc639664538b70f937b4af6f0473a7d9c9e0fc6565eabc2c24e2d139171c9c227f9c648d464b8c0c346b4f899a21
SSDEEP

393216:SpNtz8jMP3N9X4VPpiFPXyK3q3kwaQNnMykEOSc:S3Z3P3N9X24Xlq3xBMz

Score

10^/10

asyncrat default discovery evasion execution persistence privilege_escalation rat

Malware Config

Extracted

Family

asyncrat

Version

v1.2.2

Botnet

Default

C2

148.66.1.18:51227

Mutex

dzglfmbhtesmed

Attributes

delay
1
install
false
install_folder
%AppData%

aes.plain

Targets

- Target
  
  7c7156bffa25093c47c8d5515b9420f3b02a3d466ba9a564d440f0cc06969ab9.exe.vir
- Size
  
  15.8MB
- MD5
  
  db5818c5d7a25382f53f6f961b5d04f5
- SHA1
  
  fe5f8cfd8adf3297a2dd883951ed84af9058721d
- SHA256
  
  7c7156bffa25093c47c8d5515b9420f3b02a3d466ba9a564d440f0cc06969ab9
- SHA512
  
  1b1e3b124dba5666b3e04942b8306836b608fc639664538b70f937b4af6f0473a7d9c9e0fc6565eabc2c24e2d139171c9c227f9c648d464b8c0c346b4f899a21
- SSDEEP
  
  393216:SpNtz8jMP3N9X4VPpiFPXyK3q3kwaQNnMykEOSc:S3Z3P3N9X24Xlq3xBMz
Score

10^/10

discovery execution asyncrat default evasion persistence privilege_escalation rat
- AsyncRat
  AsyncRAT is designed to remotely monitor and control other computers written in C#.
  rat asyncrat
- Asyncrat family
  asyncrat
- Async RAT payload
  rat
- Drops file in Drivers directory
- Modifies Windows Firewall
  evasion
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Loads dropped DLL
- Adds Run key to start application
  persistence
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
  discovery
- Command and Scripting Interpreter: PowerShell
  Using powershell.exe command.
  execution
- Network Service Discovery
  Attempt to gather information on host's network.
  discovery
- Drops file in System32 directory
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Command and Scripting Interpreter

PowerShell

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Create or Modify System Process

Windows Service

Event Triggered Execution

Netsh Helper DLL

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Create or Modify System Process

Windows Service

Event Triggered Execution

Netsh Helper DLL

Defense Evasion

Impair Defenses

Disable or Modify System Firewall

Modify Registry

Subvert Trust Controls

Install Root Certificate

Credential Access

Discovery

Network Service Discovery

Peripheral Device Discovery

Query Registry

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

discoveryexecution

behavioral2

asyncratdefaultdiscoveryevasionexecutionpersistenceprivilege_escalationrat