asyncrat | a027fa726a76a8afcac68958ff7f72d27d2067b9ec4c13d666d5825226821b8c | Triage

Sharing

General

Target

a027fa726a76a8afcac68958ff7f72d27d2067b9ec4c13d666d5825226821b8c
Size

450KB
Sample

241214-yhvg7aslav
MD5

15dd038348ef3ed32cd87b133099d3a3
SHA1

f4715268ad9ba4b04b19336520f757c9f4b281bb
SHA256

a027fa726a76a8afcac68958ff7f72d27d2067b9ec4c13d666d5825226821b8c
SHA512

9dd03c4016df5f4640200abc9969b0065741a68ccbc47afbf6715e1b8b35155e995aa09d15c31572b0ae908c73bc88d3f0a7bb03b2b3845797c26c2620698dcc
SSDEEP

12288:SODj9CW7P/njixh2wwh4wsaW0xRc6DYe8aQe76EaJ:/Dj9vL/jixh2wwhMZe8aGEa

Score

10^/10

asyncrat default discovery persistence rat

Malware Config

Extracted

Family

asyncrat

Version

0.5.8

Botnet

Default

C2

5.tcp.eu.ngrok.io:5555

5.tcp.eu.ngrok.io:12811

Mutex

E7ieq51pSCWw

Attributes

delay
3
install
false
install_folder
%AppData%

aes.plain

Targets

- Target
  
  a027fa726a76a8afcac68958ff7f72d27d2067b9ec4c13d666d5825226821b8c
- Size
  
  450KB
- MD5
  
  15dd038348ef3ed32cd87b133099d3a3
- SHA1
  
  f4715268ad9ba4b04b19336520f757c9f4b281bb
- SHA256
  
  a027fa726a76a8afcac68958ff7f72d27d2067b9ec4c13d666d5825226821b8c
- SHA512
  
  9dd03c4016df5f4640200abc9969b0065741a68ccbc47afbf6715e1b8b35155e995aa09d15c31572b0ae908c73bc88d3f0a7bb03b2b3845797c26c2620698dcc
- SSDEEP
  
  12288:SODj9CW7P/njixh2wwh4wsaW0xRc6DYe8aQe76EaJ:/Dj9vL/jixh2wwhMZe8aGEa
Score

10^/10

asyncrat default discovery persistence rat
- AsyncRat
  AsyncRAT is designed to remotely monitor and control other computers written in C#.
  rat asyncrat
- Asyncrat family
  asyncrat
- Async RAT payload
  rat
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Adds Run key to start application
  persistence
- Legitimate hosting services abused for malware hosting/C2
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Defense Evasion

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Web Service

Exfiltration

Impact

Tasks

static1

behavioral1

asyncratdefaultdiscoverypersistencerat

behavioral2

asyncratdefaultdiscoverypersistencerat