asyncrat | f692d18b03aa9961131433c6728cbf4129ae3f18a96ccec46976d2f7c0dfaeb6 | Triage

Sharing

General

Target

f692d18b03aa9961131433c6728cbf4129ae3f18a96ccec46976d2f7c0dfaeb6
Size

445KB
Sample

250106-t4s42a1pbv
MD5

1f7f15144e2c5b2cd4f4f5bba5275e83
SHA1

684ef738364acdf7b60f3c9ffda719e6f06a06d7
SHA256

f692d18b03aa9961131433c6728cbf4129ae3f18a96ccec46976d2f7c0dfaeb6
SHA512

d7e472593c71f28a6bcd0683197e6b1c9a5a955d69f8d74fb724ac6aadfe8e572203e0ffbe814b3e84b1b4c2ddfb3c7032cf1c13eecc1d515ff3f674c505f1da
SSDEEP

12288:pqrH+QxLBLaFOghskimIAKbDe0LI7EYop5XyqY7CNJsesI6:MLrxLJJmimIpu0wEYoX7Y7aJses

Score

10^/10

asyncrat default01 discovery rat

Malware Config

Extracted

Family

asyncrat

Version

0.5.7B

Botnet

Default01

C2

93.123.109.235:8747

93.123.109.235:7477

woolingbrin.systes.net:8747

woolingbrin.systes.net:7477

Mutex

AsyncMutex_6SI8OkPnk

Attributes

delay
3
install
true
install_file
cicj.exe
install_folder
%Temp%

aes.plain

Targets

- Target
  
  Order Delivery- 1.6.2025.exe
- Size
  
  719KB
- MD5
  
  3e1c3afc24c1772f2a911f0ba3f0cd97
- SHA1
  
  8d4f335aa9ad3600bb65a8ab43275ce3d02fd9b3
- SHA256
  
  2559430bdf73cfe99051af2529d80c9691b641063fe0dd347270e2dff7553479
- SHA512
  
  36f11963360b3fba19b93b16cd19bf67e24887df96d2fd7797575d7c77bdf28b41c65fed042c9dd330dd358a87b4deacbcdebf9ffb7fce96c52fe254140b1ef6
- SSDEEP
  
  12288:9crNS33L10QdrXi4P7r9r/+ppppppppppppppppppppppppppppp0GHpnzDRLI3r:ANA3R5drXj1qHpzDRyEyon7Y1aJ+eW
Score

10^/10

asyncrat default01 discovery rat
- AsyncRat
  AsyncRAT is designed to remotely monitor and control other computers written in C#.
  rat asyncrat
- Asyncrat family
  asyncrat
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Scheduled Task/Job

Scheduled Task

Persistence

Scheduled Task/Job

Scheduled Task

Privilege Escalation

Scheduled Task/Job

Scheduled Task

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

asyncratdefault01discoveryrat

behavioral2

asyncratdefault01discoveryrat