asyncrat

Resubmissions

12-01-2025 12:32

250112-pqp31avlgn 10

11-01-2025 14:25

250111-rrrdkatmhp 3

11-01-2025 14:16

250111-rlb2patlgm 10

Sharing

Copy URL

Twitter E-mail

General

Target

11012025_1416_Invoice_Payment.exe.iso
Size

1.8MB
Sample

250112-pqp31avlgn
MD5

ff65da034e6eff5d67acdf7c77f7f5de
SHA1

f0e486997b4dd40589af7190dbd6f3f7185026ea
SHA256

12119fcd5a1462c582316f9f907987251c8eea3ea0d8551b8b33b5a22ab0aaa9
SHA512

35490146c9e1c1e626df69fc17911402bc0f8886881811895ec2c6f3fea07bf7fa18b722cdef5f86e12b75274367a51bbb0e20b570ffe207d5b2ef2f154f6991
SSDEEP

49152:25223XesrB/O0APOsBMlWaMCARSuFGKHBWlN:25P3y6lQbRz7qN

Score

10^/10

Malware Config

Extracted

Family

asyncrat

Version

0.5.7B

Botnet

Default02

woolingbrin.sytes.net:8747

woolingbrin.sytes.net:7477

87.120.121.160:8747

87.120.121.160:7477

Mutex

AsyncMutex_6SI8OkPnk

Attributes

delay
15
install
true
install_file
vtc.exe
install_folder
%AppData%

aes.plain

Targets

- Target
  
  11012025_1416_Invoice_Payment.exe.iso
- Size
  
  1.8MB
- MD5
  
  ff65da034e6eff5d67acdf7c77f7f5de
- SHA1
  
  f0e486997b4dd40589af7190dbd6f3f7185026ea
- SHA256
  
  12119fcd5a1462c582316f9f907987251c8eea3ea0d8551b8b33b5a22ab0aaa9
- SHA512
  
  35490146c9e1c1e626df69fc17911402bc0f8886881811895ec2c6f3fea07bf7fa18b722cdef5f86e12b75274367a51bbb0e20b570ffe207d5b2ef2f154f6991
- SSDEEP
  
  49152:25223XesrB/O0APOsBMlWaMCARSuFGKHBWlN:25P3y6lQbRz7qN
Score

1^/10
behavioral1 behavioral10 behavioral2 behavioral3 behavioral4 behavioral5 behavioral6 behavioral7 behavioral8 behavioral9
- Target
  
  out.iso
- Size
  
  1.8MB
- MD5
  
  ff65da034e6eff5d67acdf7c77f7f5de
- SHA1
  
  f0e486997b4dd40589af7190dbd6f3f7185026ea
- SHA256
  
  12119fcd5a1462c582316f9f907987251c8eea3ea0d8551b8b33b5a22ab0aaa9
- SHA512
  
  35490146c9e1c1e626df69fc17911402bc0f8886881811895ec2c6f3fea07bf7fa18b722cdef5f86e12b75274367a51bbb0e20b570ffe207d5b2ef2f154f6991
- SSDEEP
  
  49152:25223XesrB/O0APOsBMlWaMCARSuFGKHBWlN:25P3y6lQbRz7qN
Score

1^/10
behavioral11 behavioral12 behavioral13 behavioral14 behavioral15 behavioral16 behavioral17 behavioral18 behavioral19 behavioral20
- Target
  
  Invoice_Payment.exe
- Size
  
  1.3MB
- MD5
  
  b1ecdaa42fc6ad9401ca1280d72ebe06
- SHA1
  
  5610ce51bd1268176e1c87f4eba2399b9306773b
- SHA256
  
  05a06ffd09151298fe40ad89b1042276f8166041fb81064060ec8344013bf3c5
- SHA512
  
  57e52b040deb2f8e46be5327bff20a93ec520d5712816ddc8251260c94b4fd6e12fb361488f8c01d31f890364a198491d567be5950b441f924a1e3abce3b0d52
- SSDEEP
  
  24576:sNA3R5drXPUP3m31yGejSrrB/O0AP1PLJVssMIjnglWGzMuxHVy0kIiWT6geGKH2:t5223XesrB/O0APOsBMlWaMCARSuFGKW
Score

10^/10

asyncrat default02 discovery rat
- AsyncRat
  AsyncRAT is designed to remotely monitor and control other computers written in C#.
  rat asyncrat
- Asyncrat family
  asyncrat
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetThreadContext
behavioral21 behavioral22 behavioral23 behavioral24 behavioral25 behavioral26 behavioral27 behavioral28 behavioral29 behavioral30

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Scheduled Task/Job

T1053

Scheduled Task

T1053.005

Persistence

Scheduled Task/Job

T1053

Scheduled Task

T1053.005

Privilege Escalation

Scheduled Task/Job

T1053

Scheduled Task

T1053.005

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

Resubmissions

Sharing

General

Malware Config

Extracted

Targets

Asyncrat family

Checks computer location settings

Executes dropped EXE

Loads dropped DLL

Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks

static1

behavioral1

behavioral2

behavioral3

behavioral4

behavioral5

behavioral6

behavioral7

behavioral8

behavioral9

behavioral10

behavioral11

behavioral12

behavioral13

behavioral14

behavioral15

behavioral16

behavioral17

behavioral18

behavioral19

behavioral20

behavioral21

behavioral22

behavioral23

behavioral24

behavioral25

behavioral26

behavioral27

behavioral28

behavioral29

behavioral30