asyncrat

General

Target

X48-EXT-Loader.exe
Size

3.1MB
Sample

241222-l86a6avjem
MD5

e581e122721fd49ac3bd16fd6873cf73
SHA1

cc39e5a0d9c597c13d064b483d85b17b2ea4b194
SHA256

eb37b4ffa493ed2235c6324772ffe5aeaf139017c62b9db98fda14e42df3336c
SHA512

b4344623ef3b65bedf5612841a8379b69f8fb0362bbc98499c4c43019992e04b35c179791f71f524c3d639cf10d146d0370d4139cb534cc06d8c0c7af572211a
SSDEEP

49152:zFWCBLUlZtEYk8QEFfM/AYWpJqzLzg5WDw94TqaSCK2PAnbuOEa2pz7kIls:1h8EYk89fM4YWp8WaNRAbufpzQI

Score

10^/10

Malware Config

Extracted

Family

asyncrat

Version

5.0.5

Botnet

FiveM

C2

23.27.201.57:4449

Mutex

f37qp84ilrw

Attributes

delay
590
install
true
install_file
/WindowsRuntime/WindowsClientRuntime.exe
install_folder
%AppData%

aes.plain

Extracted

Family

redline

Botnet

rlma678DL4Op

C2

23.27.201.57:1337

Targets

- Target
  
  X48-EXT-Loader.exe
- Size
  
  3.1MB
- MD5
  
  e581e122721fd49ac3bd16fd6873cf73
- SHA1
  
  cc39e5a0d9c597c13d064b483d85b17b2ea4b194
- SHA256
  
  eb37b4ffa493ed2235c6324772ffe5aeaf139017c62b9db98fda14e42df3336c
- SHA512
  
  b4344623ef3b65bedf5612841a8379b69f8fb0362bbc98499c4c43019992e04b35c179791f71f524c3d639cf10d146d0370d4139cb534cc06d8c0c7af572211a
- SSDEEP
  
  49152:zFWCBLUlZtEYk8QEFfM/AYWpJqzLzg5WDw94TqaSCK2PAnbuOEa2pz7kIls:1h8EYk89fM4YWp8WaNRAbufpzQI
Score

10^/10

asyncrat redline sectoprat fivem rlma678dl4op discovery infostealer rat trojan
- AsyncRat
  AsyncRAT is designed to remotely monitor and control other computers written in C#.
  rat asyncrat
- Asyncrat family
  asyncrat
- RedLine
  RedLine Stealer is a malware family written in C#, first appearing in early 2020.
  infostealer redline
- RedLine payload
- Redline family
  redline
- SectopRAT
  SectopRAT is a remote access trojan first seen in November 2019.
  trojan rat sectoprat
- SectopRAT payload
- Sectoprat family
  sectoprat
- Async RAT payload
  rat
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Loads dropped DLL
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

Query Registry

System Information Discovery

3

T1082

System Location Discovery

1

T1614

System Language Discovery

1

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

Sharing

General

Malware Config

Extracted

Extracted

Targets

Asyncrat family

RedLine

RedLine payload

Redline family

SectopRAT

SectopRAT payload

Sectoprat family

Async RAT payload

Checks computer location settings

Executes dropped EXE

Loads dropped DLL

MITRE ATT&CK Enterprise v15

Tasks

static1

behavioral1

behavioral2