asyncrat | a4fe1b3db7fa16077a2631c87ba51db6477c0ca7444d2b5a78d9a8715ea4c0a7 | Triage

Sharing

General

Target

Client.exe
Size

48KB
Sample

241214-v9rc3a1meq
MD5

d9b8c518ec57c033af08d0bdb79066d6
SHA1

a32af51564394ce258f8be78835d7a3d525a5a40
SHA256

a4fe1b3db7fa16077a2631c87ba51db6477c0ca7444d2b5a78d9a8715ea4c0a7
SHA512

9abf1cf1d73f63dbd5c2c36641af68f8b1ee8a13f35b428a49b21d1c7c150a8a91058def9fd98ba6bef99cbb6acbbf81fe396aab6dcfc11acce584f3c38f0c0d
SSDEEP

768:O9WBILLEZ9+RiEtelDSN+iV08YbygeWYb1ywPvevEgK/JIZVc6KN:O9cfEtKDs4zb1tYbIwPvenkJIZVclN

Score

10^/10

asyncrat default rat

Malware Config

Extracted

Family

asyncrat

Version

1.0.7

Botnet

Default

C2

127.0.0.1:8848

127.0.0.1:40721

127.0.0.1:50140

Binky812-40721.portmap.host:8848

Binky812-40721.portmap.host:40721

Binky812-40721.portmap.host:50140

hell4563o-50140.portmap.host:8848

hell4563o-50140.portmap.host:40721

hell4563o-50140.portmap.host:50140

Mutex

DcRatMutex_qwqdanchun

Attributes

delay
1
install
true
install_file
MinecraftUpdater.exe
install_folder
%AppData%

aes.plain

Targets

- Target
  
  Client.exe
- Size
  
  48KB
- MD5
  
  d9b8c518ec57c033af08d0bdb79066d6
- SHA1
  
  a32af51564394ce258f8be78835d7a3d525a5a40
- SHA256
  
  a4fe1b3db7fa16077a2631c87ba51db6477c0ca7444d2b5a78d9a8715ea4c0a7
- SHA512
  
  9abf1cf1d73f63dbd5c2c36641af68f8b1ee8a13f35b428a49b21d1c7c150a8a91058def9fd98ba6bef99cbb6acbbf81fe396aab6dcfc11acce584f3c38f0c0d
- SSDEEP
  
  768:O9WBILLEZ9+RiEtelDSN+iV08YbygeWYb1ywPvevEgK/JIZVc6KN:O9cfEtKDs4zb1tYbIwPvenkJIZVclN
Score

10^/10

asyncrat default rat
- AsyncRat
  AsyncRAT is designed to remotely monitor and control other computers written in C#.
  rat asyncrat
- Asyncrat family
  asyncrat
- Async RAT payload
  rat
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Scheduled Task/Job

Scheduled Task

Persistence

Scheduled Task/Job

Scheduled Task

Privilege Escalation

Scheduled Task/Job

Scheduled Task

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

ratdefaultasyncrat

behavioral1

asyncratdefaultrat

behavioral2

asyncratdefaultrat