asyncrat | 8a6d1b4d05f11143fbc05f00fe1863ce1005bf80953b012d2bdc1c40dd0468b8 | Triage

Sharing

General

Target

8340_output.zip
Size

54KB
Sample

241228-aczb7asldw
MD5

a08ad93b605fc4b7de941393c9de06a3
SHA1

7d1a6a6a74114bd2ee5e83c80805ce20d0cc9942
SHA256

8a6d1b4d05f11143fbc05f00fe1863ce1005bf80953b012d2bdc1c40dd0468b8
SHA512

720ed6d95808778651fd9b2576bfafef8a590a541bf16002931226d0e3e33a617632412346403574794b009a8b2f2cce20d66a13c491e1a817eb6b5ae1263fcd
SSDEEP

1536:8IlN/6tE9o27L4tgIw/+tEFhTZ9gRMx6Ub:8ImtEC27Upt0NZWR89

Score

10^/10

asyncrat default discovery execution rat

Malware Config

Extracted

Family

asyncrat

Version

0.5.8

Botnet

Default

C2

87.120.113.125:55644

Mutex

E0GLVPl3iUqi

Attributes

delay
3
install
false
install_file
winserve.exe
install_folder
%AppData%

aes.plain

Targets

- Target
  
  4551_output.vbs
- Size
  
  204KB
- MD5
  
  3fbd3b678d861076338cc2839f315f8a
- SHA1
  
  06738e398143f4f15ba633d9fbf0bf84df14c81e
- SHA256
  
  cf9d43a42cb972311c8f75bccd9248d356879f205dbb037f1100c1777c4a2965
- SHA512
  
  1b097663be0fade854d1756b8db848d0009f15964951ec94f5b61c7255e7cf247dfd94fca63a4da039fd8f73c5f1816016a0cd220c0b1d49e026279ef2068cf8
- SSDEEP
  
  1536:abfH0Kj03LRy+CTb2PxmivrdVdKuTtwbDGgwVZYT/4HHO+D1FMbK:a7H0Kj0c+CoXvhvT+bzwTYUHH9D12bK
Score

10^/10

asyncrat default discovery execution rat
- AsyncRat
  AsyncRAT is designed to remotely monitor and control other computers written in C#.
  rat asyncrat
- Asyncrat family
  asyncrat
- Async RAT payload
  rat
- Blocklisted process makes network request
- Command and Scripting Interpreter: PowerShell
  Run Powershell and hide display window.
  execution
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Drops file in System32 directory
behavioral1 behavioral2 behavioral3

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Command and Scripting Interpreter

PowerShell

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

asyncratdefaultdiscoveryexecutionrat

behavioral2

asyncratdefaultdiscoveryexecutionrat

behavioral3

asyncratdefaultdiscoveryexecutionrat