asyncrat | c344f9de1aa1bf284d8281aff7b216ca85b2dde7fc05e1d13b5abcef37d4ca0d | Triage

Sharing

General

Target

c344f9de1aa1bf284d8281aff7b216ca85b2dde7fc05e1d13b5abcef37d4ca0d.exe
Size

811KB
Sample

250106-hel4msypfx
MD5

e3ae2dc9b8b0582a266871b52e85c36f
SHA1

f783d1d0354bf3ad1dc4e506e4df3250a89ee765
SHA256

c344f9de1aa1bf284d8281aff7b216ca85b2dde7fc05e1d13b5abcef37d4ca0d
SHA512

c670e3d4bd63e054ca9d70ff1588e1c263cf73ca24f1be6f9cde9222e6c351b87e9c2855b42c50f5b92eea7e683ec62b67a2e7c2a0dae1a29e080113435ad438
SSDEEP

24576:qMjhsJkMwFz7D6h0lgoyM3VcH17lpMbTuIGVaiM2a:5zZFDaoIpMHGVa52a

Score

10^/10

asyncrat default discovery execution rat

Malware Config

Extracted

Family

asyncrat

Version

v1.2.2

Botnet

Default

C2

38.49.56.2:56003

38.49.56.2:56004

38.49.56.2:56005

Mutex

gkggeeqkwjd

Attributes

delay
1
install
false
install_folder
%AppData%

aes.plain

Targets

- Target
  
  c344f9de1aa1bf284d8281aff7b216ca85b2dde7fc05e1d13b5abcef37d4ca0d.exe
- Size
  
  811KB
- MD5
  
  e3ae2dc9b8b0582a266871b52e85c36f
- SHA1
  
  f783d1d0354bf3ad1dc4e506e4df3250a89ee765
- SHA256
  
  c344f9de1aa1bf284d8281aff7b216ca85b2dde7fc05e1d13b5abcef37d4ca0d
- SHA512
  
  c670e3d4bd63e054ca9d70ff1588e1c263cf73ca24f1be6f9cde9222e6c351b87e9c2855b42c50f5b92eea7e683ec62b67a2e7c2a0dae1a29e080113435ad438
- SSDEEP
  
  24576:qMjhsJkMwFz7D6h0lgoyM3VcH17lpMbTuIGVaiM2a:5zZFDaoIpMHGVa52a
Score

10^/10

discovery asyncrat default execution rat
- AsyncRat
  AsyncRAT is designed to remotely monitor and control other computers written in C#.
  rat asyncrat
- Asyncrat family
  asyncrat
- Async RAT payload
  rat
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Loads dropped DLL
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
  discovery
- Command and Scripting Interpreter: PowerShell
  Run Powershell to execute payload.
  execution
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Command and Scripting Interpreter

PowerShell

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2

asyncratdefaultdiscoveryexecutionrat