asyncrat | 309dfe4802b630e6a8f272364889fcf1ec6a29b9cc71db496eb634396d3c69ca | Triage

Submit
Reports

Overview

overview

Static

static

1

RobloxPlayerBeta.exe

windows10-ltsc 2021-x64

1

RobloxPlayerBeta.exe

windows11-21h2-x64

Sharing

General

Target

RobloxPlayerBeta.exe
Size

94.5MB
Sample

241225-yjtmaavqbl
MD5

d49e28811ffc4220a9d598d9cbf27623
SHA1

520e919ed6b472bf1ba2a2a31e58a5f5428764b7
SHA256

309dfe4802b630e6a8f272364889fcf1ec6a29b9cc71db496eb634396d3c69ca
SHA512

94bbf30a5c8c37ad54b697413f89248ddff97eb62a4719cf9dca7dfec78e11d3b5cadfd4d33864ca40051e83a9bb47dbf8087da5a22fa720e74ae26e50434e19
SSDEEP

1572864:0JiAuZGYFTxAEnpfkC1LoBobpAoNwdzHM7FLfpJRN2ogRUlygSBjx6UM6aZcST/:0sAUGYFtAypfDoBasQBRN2ogKFSBjxYp

Score

10^/10

asyncrat default discovery phishing rat

Static task

static1

Behavioral task

behavioral1

Sample

RobloxPlayerBeta.exe

Resource

win10ltsc2021-20241211-en

windows10-ltsc 2021-x64

0 signatures

900 seconds

Behavioral task

behavioral2

Sample

RobloxPlayerBeta.exe

Resource

win11-20241007-en

asyncrat default discovery phishing rat

windows11-21h2-x64

25 signatures

900 seconds

Malware Config

Extracted

Family

asyncrat

Version

0.5.8

Botnet

Default

C2

127.0.0.1:6606

127.0.0.1:7707

127.0.0.1:8808

192.168.40.236:6606

192.168.40.236:7707

192.168.40.236:8808

Mutex

pP6mzysZgTAW

Attributes

delay
3
install
true
install_file
xx.exe
install_folder
%AppData%

aes.plain

Targets

- Target
  
  RobloxPlayerBeta.exe
- Size
  
  94.5MB
- MD5
  
  d49e28811ffc4220a9d598d9cbf27623
- SHA1
  
  520e919ed6b472bf1ba2a2a31e58a5f5428764b7
- SHA256
  
  309dfe4802b630e6a8f272364889fcf1ec6a29b9cc71db496eb634396d3c69ca
- SHA512
  
  94bbf30a5c8c37ad54b697413f89248ddff97eb62a4719cf9dca7dfec78e11d3b5cadfd4d33864ca40051e83a9bb47dbf8087da5a22fa720e74ae26e50434e19
- SSDEEP
  
  1572864:0JiAuZGYFTxAEnpfkC1LoBobpAoNwdzHM7FLfpJRN2ogRUlygSBjx6UM6aZcST/:0sAUGYFtAypfDoBasQBRN2ogKFSBjxYp
Score

10^/10

asyncrat default discovery phishing rat
- AsyncRat
  AsyncRAT is designed to remotely monitor and control other computers written in C#.
  rat asyncrat
- Asyncrat family
  asyncrat
- Async RAT payload
  rat
- A potential corporate email address has been identified in the URL: [email protected]
  phishing
- Executes dropped EXE
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Scheduled Task/Job

Scheduled Task

Persistence

Scheduled Task/Job

Scheduled Task

Privilege Escalation

Scheduled Task/Job

Scheduled Task

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

Query Registry

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2

asyncratdefaultdiscoveryphishingrat

© 2018-2024

Terms | Privacy