asyncrat | 91542661ee655caabae948eb3a7e9a2a96ea3bbb389735db9c860d33d1390755 | Triage

Sharing

General

Target

91542661ee655caabae948eb3a7e9a2a96ea3bbb389735db9c860d33d1390755.exe
Size

16KB
Sample

241211-r77qgsxkbw
MD5

bf7fe6eb5bb1370037fb32f2ca3af19d
SHA1

e84b45ef4672259fa6ba963c1d49683343c4e1dd
SHA256

91542661ee655caabae948eb3a7e9a2a96ea3bbb389735db9c860d33d1390755
SHA512

0ac27873c53bbac3e3b108b282f848a61638c17ec3ca4effa9e477e19a48661bb79671f87ab28cb7fcb5595e4908cde4362711f7487abffca483f0799524e33f
SSDEEP

384:rEfOryV5/k95TsZmLMN8GuTs0sg7UVOmhXpTV7qfOA:rFCA4gtsBhXpTpBA

Score

10^/10

asyncrat default discovery rat

Malware Config

Extracted

Family

asyncrat

Version

1.0.7

Botnet

Default

C2

192.168.1.104:8848

Mutex

DcRatMutex_qwqdanchun

Attributes

delay
1
install
false
install_folder
%AppData%

aes.plain

Targets

- Target
  
  91542661ee655caabae948eb3a7e9a2a96ea3bbb389735db9c860d33d1390755.exe
- Size
  
  16KB
- MD5
  
  bf7fe6eb5bb1370037fb32f2ca3af19d
- SHA1
  
  e84b45ef4672259fa6ba963c1d49683343c4e1dd
- SHA256
  
  91542661ee655caabae948eb3a7e9a2a96ea3bbb389735db9c860d33d1390755
- SHA512
  
  0ac27873c53bbac3e3b108b282f848a61638c17ec3ca4effa9e477e19a48661bb79671f87ab28cb7fcb5595e4908cde4362711f7487abffca483f0799524e33f
- SSDEEP
  
  384:rEfOryV5/k95TsZmLMN8GuTs0sg7UVOmhXpTV7qfOA:rFCA4gtsBhXpTpBA
Score

10^/10

asyncrat default discovery rat
- AsyncRat
  AsyncRAT is designed to remotely monitor and control other computers written in C#.
  rat asyncrat
- Asyncrat family
  asyncrat
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2

asyncratdefaultdiscoveryrat