asyncrat | 003cfee0803a0d0a89be54be1c52397a7b436796ff405e5b9905e2c1ad075139 | Triage

Sharing

General

Target

Fivem External.exe
Size

47KB
Sample

241221-zj8a4syrax
MD5

e2fa7258b14f737cdbf2ccf9fb6c3738
SHA1

75cd07af307152c7f3c77fe9a1e42cf7111713ac
SHA256

003cfee0803a0d0a89be54be1c52397a7b436796ff405e5b9905e2c1ad075139
SHA512

c7da8918bfe7e8034cc34f8608ff44e73d1aee2d0a30b01af3c2eaa0b2acb947a576edd9eba36ad0ec830d6cd297c72e1b6d37a574947c9ba5111eede592a5ee
SSDEEP

768:j61TILIe8E+0YixSvHXYLuiWi8YbDgyzn7OvEgK/JXZVc6KN:j6rWRxqmzbc1nkJXZVclN

Score

10^/10

asyncrat default rat spyware stealer

Malware Config

Extracted

Family

asyncrat

Version

1.0.7

Botnet

Default

C2

127.0.0.1:8848

127.0.0.1:40147

147.185.221.24:8848

147.185.221.24:40147

Mutex

DcRatMutex_qwqdanchun

Attributes

delay
1
install
true
install_file
Fivem Extenal.exe
install_folder
%Temp%

aes.plain

Targets

- Target
  
  Fivem External.exe
- Size
  
  47KB
- MD5
  
  e2fa7258b14f737cdbf2ccf9fb6c3738
- SHA1
  
  75cd07af307152c7f3c77fe9a1e42cf7111713ac
- SHA256
  
  003cfee0803a0d0a89be54be1c52397a7b436796ff405e5b9905e2c1ad075139
- SHA512
  
  c7da8918bfe7e8034cc34f8608ff44e73d1aee2d0a30b01af3c2eaa0b2acb947a576edd9eba36ad0ec830d6cd297c72e1b6d37a574947c9ba5111eede592a5ee
- SSDEEP
  
  768:j61TILIe8E+0YixSvHXYLuiWi8YbDgyzn7OvEgK/JXZVc6KN:j6rWRxqmzbc1nkJXZVclN
Score

10^/10

asyncrat default rat spyware stealer
- AsyncRat
  AsyncRAT is designed to remotely monitor and control other computers written in C#.
  rat asyncrat
- Asyncrat family
  asyncrat
- Async RAT payload
  rat
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Enumerates connected drives
  Attempts to read the root path of hard drives other than the default C: drive.
behavioral1

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Scheduled Task/Job

Scheduled Task

Persistence

Scheduled Task/Job

Scheduled Task

Privilege Escalation

Scheduled Task/Job

Scheduled Task

Defense Evasion

Credential Access

Credentials from Password Stores

Credentials from Web Browsers

Unsecured Credentials

Credentials In Files

Discovery

Peripheral Device Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Data from Local System

Command and Control

Exfiltration

Impact

Tasks

static1

ratdefaultasyncrat

behavioral1

asyncratdefaultratspywarestealer