asyncrat | 441c8c73ea3f781774e9ee684d4d51127ec736c9fb6423fad0aea20695abd3c3 | Triage

Sharing

General

Target

441c8c73ea3f781774e9ee684d4d51127ec736c9fb6423fad0aea20695abd3c3.exe
Size

686KB
Sample

250114-c1yfxatqey
MD5

15fe2ac3357c534e280cc8d9de964aed
SHA1

af1e4824a0a4954c69fe91b6ad54e66a4f3a7511
SHA256

441c8c73ea3f781774e9ee684d4d51127ec736c9fb6423fad0aea20695abd3c3
SHA512

c32bfa3d04b1e67b2019afd9ee25b136e1880279f32a17a30128d2e574eb19578996167015cb620b91e3380186bc20b997045db426d4420ea4e1977b730acbdc
SSDEEP

12288:r8dStNKcItS4StNKcItSfl12tZ9uLUxL7HNHJTs2aInH5am38Dj11WWh2fab8fXk:r8yNK1t4NK1tOqLBCIHom383WxfaoXpe

Score

10^/10

asyncrat coke discovery rat

Malware Config

Extracted

Family

asyncrat

Version

0.5.8

Botnet

COKE

C2

quin.ydns.eu:1962

quin.ydns.eu:1940

185.38.142.240:1962

185.38.142.240:1940

Mutex

dLOEY8XRq1oB

Attributes

delay
3
install
false
install_file
windowsBook.exe
install_folder
%AppData%

aes.plain

Targets

- Target
  
  441c8c73ea3f781774e9ee684d4d51127ec736c9fb6423fad0aea20695abd3c3.exe
- Size
  
  686KB
- MD5
  
  15fe2ac3357c534e280cc8d9de964aed
- SHA1
  
  af1e4824a0a4954c69fe91b6ad54e66a4f3a7511
- SHA256
  
  441c8c73ea3f781774e9ee684d4d51127ec736c9fb6423fad0aea20695abd3c3
- SHA512
  
  c32bfa3d04b1e67b2019afd9ee25b136e1880279f32a17a30128d2e574eb19578996167015cb620b91e3380186bc20b997045db426d4420ea4e1977b730acbdc
- SSDEEP
  
  12288:r8dStNKcItS4StNKcItSfl12tZ9uLUxL7HNHJTs2aInH5am38Dj11WWh2fab8fXk:r8yNK1t4NK1tOqLBCIHom383WxfaoXpe
Score

10^/10

asyncrat coke discovery rat
- AsyncRat
  AsyncRAT is designed to remotely monitor and control other computers written in C#.
  rat asyncrat
- Asyncrat family
  asyncrat
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

asyncratcokediscoveryrat

behavioral2

asyncratcokediscoveryrat