asyncrat | 41e24d66f8bb13b08c6a41c4b4a2cbd52056edd2a17bec6f30fe3838db6d1f2d | Triage

Sharing

General

Target

4698_output.vbs
Size

203KB
Sample

241227-3tjx2ssmgj
MD5

4b6a750839856ab620fbdfc0250b3efd
SHA1

95474dd9bcf969c408911fa7500dc3ccc6416596
SHA256

41e24d66f8bb13b08c6a41c4b4a2cbd52056edd2a17bec6f30fe3838db6d1f2d
SHA512

0ce01f73301a57ca6dfacd135705f8662ba2cdd390da4afb0f9af27135f494da93d24fe5489a92de0f50766c63cef6b13db1095751f4c9f22f52d7aad87f8357
SSDEEP

1536:abfH0Kj6qf7ANcXh5/vLQbFj7zy4XGCeehA5ID0ZG5xwzA7nogV6EAmqZlJ2B:a7H0Kj6iEij49XGCecA25qgoOilJo

Score

10^/10

asyncrat default discovery execution rat

Malware Config

Extracted

Family

asyncrat

Version

0.5.8

Botnet

Default

C2

87.120.113.125:2101

87.120.113.125:55644

Mutex

E0GLVPl3iUqi

Attributes

delay
3
install
false
install_file
winserve.exe
install_folder
%AppData%

aes.plain

Targets

- Target
  
  4698_output.vbs
- Size
  
  203KB
- MD5
  
  4b6a750839856ab620fbdfc0250b3efd
- SHA1
  
  95474dd9bcf969c408911fa7500dc3ccc6416596
- SHA256
  
  41e24d66f8bb13b08c6a41c4b4a2cbd52056edd2a17bec6f30fe3838db6d1f2d
- SHA512
  
  0ce01f73301a57ca6dfacd135705f8662ba2cdd390da4afb0f9af27135f494da93d24fe5489a92de0f50766c63cef6b13db1095751f4c9f22f52d7aad87f8357
- SSDEEP
  
  1536:abfH0Kj6qf7ANcXh5/vLQbFj7zy4XGCeehA5ID0ZG5xwzA7nogV6EAmqZlJ2B:a7H0Kj6iEij49XGCecA25qgoOilJo
Score

10^/10

discovery execution asyncrat default rat
- AsyncRat
  AsyncRAT is designed to remotely monitor and control other computers written in C#.
  rat asyncrat
- Asyncrat family
  asyncrat
- Async RAT payload
  rat
- Blocklisted process makes network request
- Command and Scripting Interpreter: PowerShell
  Run Powershell and hide display window.
  execution
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Drops file in System32 directory
behavioral1 behavioral2 behavioral3 behavioral4

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Command and Scripting Interpreter

PowerShell

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

discoveryexecution

behavioral2

asyncratdefaultdiscoveryexecutionrat

behavioral3

asyncratdefaultdiscoveryexecutionrat

behavioral4

asyncratdefaultdiscoveryexecutionrat