asyncrat | b93f7a6bc00060f35012a98f0752f39b1293bdfc064274522031ace0486c5f05 | Triage

Sharing

General

Target

9075_output.zip
Size

53KB
Sample

241226-2x1vastrbr
MD5

a44022db1ef050e11bbace7e0e6650f3
SHA1

df47d00f161075de9ab4de13c376b1ace096b201
SHA256

b93f7a6bc00060f35012a98f0752f39b1293bdfc064274522031ace0486c5f05
SHA512

7ed7452068c7906d68a0600ea42360526e933cab8883977af96efa506f2d51a20212add7965c984ac96ded911b57a360a8c1f920221c74da5ba8d26b81fc4415
SSDEEP

1536:Va2DgN3LHeZ1P/vURjELAFoQrf9P9E2dn:VavpeZ1PnU1swlj9qw

Score

10^/10

asyncrat default discovery execution rat

Malware Config

Extracted

Family

asyncrat

Version

0.5.8

Botnet

Default

C2

87.120.113.125:2101

87.120.113.125:55644

Mutex

E0GLVPl3iUqi

Attributes

delay
3
install
false
install_file
winserve.exe
install_folder
%AppData%

aes.plain

Targets

- Target
  
  1557_output.vbs
- Size
  
  203KB
- MD5
  
  f340313af69ff225bf85f71c378fea27
- SHA1
  
  d2fcf71d1859866d252a193f87e6b5d017c0ae45
- SHA256
  
  57214b92aadf1f587a98a0d0eacaf47aae8516c18c5e96b7745e32b6c079a3d1
- SHA512
  
  2dc362628b59743473c5a899f77af49020876e8236c521a63c5c92aef4553c1d003c96e684279353ab67a96245cade13bbe372b5f28183f306e4275d82c10f11
- SSDEEP
  
  1536:abfH0Kj+S44//vsnrRBJZ/iJLerpid/jBCj48xvR5+DdmlZO:a7H0Kj+STnvsnVPZ/igrEOxvR5+xmlZO
Score

10^/10

asyncrat default discovery execution rat
- AsyncRat
  AsyncRAT is designed to remotely monitor and control other computers written in C#.
  rat asyncrat
- Asyncrat family
  asyncrat
- Async RAT payload
  rat
- Blocklisted process makes network request
- Command and Scripting Interpreter: PowerShell
  Run Powershell and hide display window.
  execution
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Drops file in System32 directory
behavioral1 behavioral2 behavioral3 behavioral4 behavioral5

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Command and Scripting Interpreter

PowerShell

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

asyncratdefaultdiscoveryexecutionrat

behavioral2

asyncratdefaultdiscoveryexecutionrat

behavioral3

asyncratdefaultdiscoveryexecutionrat

behavioral4

asyncratdefaultdiscoveryexecutionrat

behavioral5

discoveryexecution