asyncrat | ada59bb47c3eacd106c6a9dfa31405ed3396ed8703fa4617d766ed29bcafc92f | Triage

Sharing

General

Target

ada59bb47c3eacd106c6a9dfa31405ed3396ed8703fa4617d766ed29bcafc92f
Size

441KB
Sample

250107-c1jmraskcq
MD5

ef30cabd2b8df639793516fa10ca470b
SHA1

df15493f5ed787bcad3e7847abe572f8b9c244c7
SHA256

ada59bb47c3eacd106c6a9dfa31405ed3396ed8703fa4617d766ed29bcafc92f
SHA512

d7282571026e0052d56efb4ad92c1239b74d6f06d9e58361039668249073f8fa14e43377dfd86c825d5898b010b422d59fb94033c57cf14b25cffc4084017097
SSDEEP

6144:7U7/Q+2VS3wsUxBn2GPXa99gG1mYuglVEcWR/sJtsRJ91BEQwp+ZucgfaawnuCT:7UU+6xBn2GPX29HmYn3EcSNRBEvwTBPF

Score

10^/10

asyncrat default01 discovery rat

Malware Config

Extracted

Family

asyncrat

Version

0.5.7B

Botnet

Default01

C2

93.123.109.235:8747

93.123.109.235:7477

woolingbrin.systes.net:8747

woolingbrin.systes.net:7477

Mutex

AsyncMutex_6SI8OkPnk

Attributes

delay
3
install
true
install_file
cicj.exe
install_folder
%Temp%

aes.plain

Targets

- Target
  
  Order Delivery- 1.6.2025.exe
- Size
  
  634KB
- MD5
  
  638945b4208abc0bc7126657454a4e03
- SHA1
  
  8dc353e3834325e94f3bcf1c28d0763af5183336
- SHA256
  
  0265bce453d46f747901b0cc32367afc17ca79c5ab05d55b66ed58c99680fc95
- SHA512
  
  382b9ecd098154fc638870b901d54c659c02e3c2c92ea90bfa82080052e2c7095b76315cf3f63250d9bfdaeb4d1356123beac069553f37a845cd42296b5b3509
- SSDEEP
  
  12288:VcrNS33L10QdrXPdlM/nQPe6cS1RBEp2LBoK:INA3R5drXPU/QPp71RB62LaK
Score

10^/10

asyncrat default01 discovery rat
- AsyncRat
  AsyncRAT is designed to remotely monitor and control other computers written in C#.
  rat asyncrat
- Asyncrat family
  asyncrat
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Scheduled Task/Job

Scheduled Task

Persistence

Scheduled Task/Job

Scheduled Task

Privilege Escalation

Scheduled Task/Job

Scheduled Task

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

asyncratdefault01discoveryrat

behavioral2

asyncratdefault01discoveryrat