asyncrat | c71f54716155dd3ae348177cbd6f7c90c6c1a5776c612df4d58543547420bf64 | Triage

Sharing

General

Target

ddnstestingyh.exe
Size

47KB
Sample

250116-x1x6csvrgr
MD5

fab43f920763671a2c5387fa1c38b7ae
SHA1

13dd108fc51d7d1353f140d59ce64e9fec75ed36
SHA256

c71f54716155dd3ae348177cbd6f7c90c6c1a5776c612df4d58543547420bf64
SHA512

ec0b9211190ac8dae8ec0dfa2da81b9dcab08b81ad5791a89bc35266ff92f4c63eed63f06ee6978e84793d1cd2810dda02387b86816a4a56f5e0a8ce710488f8
SSDEEP

768:Zuifo9Tg4xr5WUx9tDmo2qrudKUn6CiJmPIKwzDJjbPM3NRnFo48lKOKYh5koQeJ:Zuqo9Tg+L2jXtiJPKwzDFbPQClKOKYjl

Score

10^/10

asyncrat default discovery rat

Malware Config

Extracted

Family

asyncrat

Version

0.5.8

Botnet

Default

C2

http://hiimout.duckdns.org:9112

Mutex

N9sEOR1qLzdN

Attributes

delay
3
install
true
install_file
OBS Updater.exe
install_folder
%AppData%

aes.plain

Targets

- Target
  
  ddnstestingyh.exe
- Size
  
  47KB
- MD5
  
  fab43f920763671a2c5387fa1c38b7ae
- SHA1
  
  13dd108fc51d7d1353f140d59ce64e9fec75ed36
- SHA256
  
  c71f54716155dd3ae348177cbd6f7c90c6c1a5776c612df4d58543547420bf64
- SHA512
  
  ec0b9211190ac8dae8ec0dfa2da81b9dcab08b81ad5791a89bc35266ff92f4c63eed63f06ee6978e84793d1cd2810dda02387b86816a4a56f5e0a8ce710488f8
- SSDEEP
  
  768:Zuifo9Tg4xr5WUx9tDmo2qrudKUn6CiJmPIKwzDJjbPM3NRnFo48lKOKYh5koQeJ:Zuqo9Tg+L2jXtiJPKwzDFbPQClKOKYjl
Score

10^/10

asyncrat default discovery rat
- AsyncRat
  AsyncRAT is designed to remotely monitor and control other computers written in C#.
  rat asyncrat
- Asyncrat family
  asyncrat
- Async RAT payload
  rat
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Loads dropped DLL
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Scheduled Task/Job

Scheduled Task

Persistence

Scheduled Task/Job

Scheduled Task

Privilege Escalation

Scheduled Task/Job

Scheduled Task

Defense Evasion

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

ratdefaultasyncrat

behavioral1

asyncratdefaultdiscoveryrat

behavioral2

asyncratdefaultdiscoveryrat