asyncrat | b7a9152f897cb11101d370f3b1ef30d411d4e4116a57ef31d340a58952cf4c1c | Triage

Sharing

General

Target

AsyncClient.exe
Size

52KB
Sample

241218-xm4qzsyphp
MD5

422b49a2404d8e67c9cd57d46acc97d0
SHA1

89ca4038856c67d12d31750a799aa88b08acfb82
SHA256

b7a9152f897cb11101d370f3b1ef30d411d4e4116a57ef31d340a58952cf4c1c
SHA512

2d9a65aacce93def1829971071b3c02c64555c0e30deca5ff8b12d04202e4b0a5e85cce8c7e61dfad1d966fe027086e7d18e1bf1c23dbe9695f2a8e082fdc77c
SSDEEP

1536:Ou4X9Tswb2vOnZH4fAzb03lKuIvLZQ7dqx:Ou4tTswb2vOnZH4fAb038L+7wx

Score

10^/10

asyncrat default discovery rat

Malware Config

Extracted

Family

asyncrat

Version

0.5.8

Botnet

Default

C2

x5sql-62870.portmap.host:62870

Mutex

c2VJpocLoXmn

Attributes

delay
3
install
true
install_file
Defender.exe
install_folder
%AppData%

aes.plain

Targets

- Target
  
  AsyncClient.exe
- Size
  
  52KB
- MD5
  
  422b49a2404d8e67c9cd57d46acc97d0
- SHA1
  
  89ca4038856c67d12d31750a799aa88b08acfb82
- SHA256
  
  b7a9152f897cb11101d370f3b1ef30d411d4e4116a57ef31d340a58952cf4c1c
- SHA512
  
  2d9a65aacce93def1829971071b3c02c64555c0e30deca5ff8b12d04202e4b0a5e85cce8c7e61dfad1d966fe027086e7d18e1bf1c23dbe9695f2a8e082fdc77c
- SSDEEP
  
  1536:Ou4X9Tswb2vOnZH4fAzb03lKuIvLZQ7dqx:Ou4tTswb2vOnZH4fAb038L+7wx
Score

10^/10

asyncrat default discovery rat
- AsyncRat
  AsyncRAT is designed to remotely monitor and control other computers written in C#.
  rat asyncrat
- Asyncrat family
  asyncrat
- Async RAT payload
  rat
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Loads dropped DLL
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Scheduled Task/Job

Scheduled Task

Persistence

Scheduled Task/Job

Scheduled Task

Privilege Escalation

Scheduled Task/Job

Scheduled Task

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

ratdefaultasyncrat

behavioral1

asyncratdefaultdiscoveryrat

behavioral2

asyncratdefaultdiscoveryrat