asyncrat | 80a014e40493d25ab26964e06ee2c8c885bb8c70d549d1eacd6fb2626cd9a9f5 | Triage

Resubmissions

13-01-2025 00:07

250113-aet59aymcl 3

11-01-2025 23:31

250111-3h1resxjcl 10

11-01-2025 23:29

250111-3g1p2awrgr 10

Sharing

General

Target

new.rar
Size

410KB
Sample

250111-3h1resxjcl
MD5

c572d170d5e25b24adf34894889dc062
SHA1

3749e822ecee526adc6dfb90e4efaf869cb166c5
SHA256

80a014e40493d25ab26964e06ee2c8c885bb8c70d549d1eacd6fb2626cd9a9f5
SHA512

03b93d6a609daf825da2ef2c61f680fa3e4aa44b92ed47fac205bfa939c6929bb82d7047d3ab22f6e2d8dd9fd6ce3bbc4d3e30cd559ce45014095297db33a47b
SSDEEP

12288:AQ+Ixt+pBkED/pZP6ov9jSuJwsiMyuKEboMpdoJnGjopKmBX:AQ+o8BkE7riovhSuJ3iWK3IEG3i

Score

10^/10

asyncrat default discovery evasion rat trojan

Malware Config

Extracted

Family

asyncrat

Version

0.5.8

Botnet

Default

C2

136.243.175.182:7777

Mutex

9HD6aMtS9FtK

Attributes

delay
3
install
true
install_file
Runtime Broker.exe
install_folder
%AppData%

aes.plain

Targets

- Target
  
  Drivers.exe
- Size
  
  21KB
- MD5
  
  3dbe554d99db5921c2869df9745b32be
- SHA1
  
  ec61ad96e9848de6e55121c8acd8be6221cc204b
- SHA256
  
  70b2d5ddb11d58b8a53d0fdc74259241057812e4dfc21a03b937a320e290d822
- SHA512
  
  6e752d09c1c214bd73f5295eb6ff65eb324d123a57de4ae5516b972f9ec3208e962aca9089f9ef6b91ca3c9394d5c6fd68e806012e9b4aff3f9277b3ee8cd6cc
- SSDEEP
  
  384:vTRQmNZSqP8MyoXKQmXNQltXpQyXlQx/uoOQtGQmXE9RrA5iXNjd2Ht5rkFJ0Wqx:WlOq2tzclrldjdKkFJCVA3g
Score

10^/10

asyncrat default discovery evasion rat trojan
- AsyncRat
  AsyncRAT is designed to remotely monitor and control other computers written in C#.
  rat asyncrat
- Asyncrat family
  asyncrat
- Modifies Windows Defender Real-time Protection settings
  evasion trojan
- Async RAT payload
  rat
- Disables Task Manager via registry modification
  evasion
- Downloads MZ/PE file
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Scheduled Task/Job

Scheduled Task

Persistence

Create or Modify System Process

Windows Service

Scheduled Task/Job

Scheduled Task

Privilege Escalation

Create or Modify System Process

Windows Service

Scheduled Task/Job

Scheduled Task

Defense Evasion

Impair Defenses

Disable or Modify Tools

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

asyncratdefaultdiscoveryevasionrattrojan

behavioral2

asyncratdefaultdiscoveryevasionrattrojan