asyncrat | f3b264fddb4da99f002daa68859146f73cf1b1d55e98355b9f1c3a2254bda94a | Triage

Sharing

General

Target

f3b264fddb4da99f002daa68859146f73cf1b1d55e98355b9f1c3a2254bda94a.exe
Size

17KB
Sample

241211-r13syswqgy
MD5

052b465678e55a597727235381e0a7de
SHA1

e81a1b6f7c41994265c891b61ca549dc1bd95d25
SHA256

f3b264fddb4da99f002daa68859146f73cf1b1d55e98355b9f1c3a2254bda94a
SHA512

49e000b0775bb976153c25ae7dc42a24bc3f1e3158d4770af8bf0d4c6f564c8bccb966279ee296b5a3db8c791cd04219f3ad7c62f2825957f66df69a0e5b28cb
SSDEEP

384:kEGfInKqgn7PiAniAAAeXWLMN8GuTM0sg7UAmm6+5qZMXBNTV76fAw:kZfyU76AniAAAdJsCDXBNTpPw

Score

10^/10

asyncrat default discovery rat

Malware Config

Extracted

Family

asyncrat

Version

1.0.7

Botnet

Default

C2

192.168.1.104:8848

Mutex

DcRatMutex_qwqdanchun

Attributes

delay
1
install
false
install_folder
%AppData%

aes.plain

Targets

- Target
  
  f3b264fddb4da99f002daa68859146f73cf1b1d55e98355b9f1c3a2254bda94a.exe
- Size
  
  17KB
- MD5
  
  052b465678e55a597727235381e0a7de
- SHA1
  
  e81a1b6f7c41994265c891b61ca549dc1bd95d25
- SHA256
  
  f3b264fddb4da99f002daa68859146f73cf1b1d55e98355b9f1c3a2254bda94a
- SHA512
  
  49e000b0775bb976153c25ae7dc42a24bc3f1e3158d4770af8bf0d4c6f564c8bccb966279ee296b5a3db8c791cd04219f3ad7c62f2825957f66df69a0e5b28cb
- SSDEEP
  
  384:kEGfInKqgn7PiAniAAAeXWLMN8GuTM0sg7UAmm6+5qZMXBNTV76fAw:kZfyU76AniAAAdJsCDXBNTpPw
Score

10^/10

asyncrat default discovery rat
- AsyncRat
  AsyncRAT is designed to remotely monitor and control other computers written in C#.
  rat asyncrat
- Asyncrat family
  asyncrat
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2

asyncratdefaultdiscoveryrat