asyncrat | 150881bedbe73b815d87b588a69e7b1aaae37fba68f11b10b2fa4d553284447d | Triage

Sharing

General

Target

4samples.zip
Size

2.8MB
Sample

250109-tdg9vawkem
MD5

02968941225208101c33ef7eee57174c
SHA1

61968f2a5ed3a9f7c65319b2609ebdd385093aba
SHA256

150881bedbe73b815d87b588a69e7b1aaae37fba68f11b10b2fa4d553284447d
SHA512

6b1cdced18f44b0e53e2ff59c2926e44f5b7161e653ba0769441aa633968852776bf27dfcad58c3a74866cf2ebc9abe9db08cf452fcb9ad7871f871b1dba8b0f
SSDEEP

49152:sGVUsVf56lbcCFqblUVvp62e2gFOHswevQN2kfCeClKT0rbfs9ZMsYG:DVhVfKwCFq56zgO3evQMkKrKArz+MsYG

Score

10^/10

asyncrat 010-oct discovery rat

Malware Config

Extracted

Family

asyncrat

Version

1.0.7

Botnet

010-Oct

C2

doesnotkl.dynuddns.net:11206

Mutex

DcRatMutex_qyunchun

Attributes

delay
1
install
false
install_folder
%AppData%

aes.plain

Targets

- Target
  
  19a00488730bc7785390df8887b925f58aa649defbeed9b4ed27a66d5f8b3359
- Size
  
  6.7MB
- MD5
  
  5fcb89ff5f2331eca62218c7caff51ec
- SHA1
  
  1881f5aa444f06520d63336b874d9f31badcdf4f
- SHA256
  
  19a00488730bc7785390df8887b925f58aa649defbeed9b4ed27a66d5f8b3359
- SHA512
  
  e070334b93a4cd492ea52839c6c0df1723e7e735c09d92f718d04528b9ec1c00e4b2b226949034436cfeba03293ed677dbd973cc73fe06a8c00cf45154f606dd
- SSDEEP
  
  98304:MKa2BPltKXxfNUFFD+DFp5EfrIl1sjWZBDzJc6mRr+IbEQhjj9EsLFtosd8AJ:ZFltSjUFFD+Uo2jWZBvJ8cQhjBUsd8AJ
Score

10^/10

asyncrat 010-oct discovery rat
- AsyncRat
  AsyncRAT is designed to remotely monitor and control other computers written in C#.
  rat asyncrat
- Asyncrat family
  asyncrat
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

asyncrat010-octdiscoveryrat

behavioral2

asyncrat010-octdiscoveryrat