asyncrat | 57376a7ec745a40f662ce995d0180867e7fafec8b7b4dc3f2043a6cc526211bd | Triage

Sharing

General

Target

kook.exe
Size

47KB
Sample

250116-ydfs8swjat
MD5

aa2b2113fe384872456513e6418257bb
SHA1

4051944b7241ac282a7f4de04cecd854ed8e45fd
SHA256

57376a7ec745a40f662ce995d0180867e7fafec8b7b4dc3f2043a6cc526211bd
SHA512

cb657f76da9c8a269c7c8cc4bb787fc660cda957c736d9f60b8867c74c74b4714fc6340afbbc8adafc81e5255e47fb44db6e4a4e3c78d7d3a3f69a6832b34451
SSDEEP

768:8uSBGTAo1wxWUpdj7mo2qLo8Yuyxu0/PIf1UXWk2tm9Z0bVMJRMNCSdCRPBDZox:8uSBGTA2g2Pqz0Yf1jtmsbVsICvR5dox

Score

10^/10

asyncrat default discovery rat

Malware Config

Extracted

Family

asyncrat

Version

0.5.8

Botnet

Default

C2

86.176.113.167:9112

Mutex

10CL9iR8lBDX

Attributes

delay
3
install
false
install_file
OBS Updater.exe
install_folder
%AppData%

aes.plain

Targets

- Target
  
  kook.exe
- Size
  
  47KB
- MD5
  
  aa2b2113fe384872456513e6418257bb
- SHA1
  
  4051944b7241ac282a7f4de04cecd854ed8e45fd
- SHA256
  
  57376a7ec745a40f662ce995d0180867e7fafec8b7b4dc3f2043a6cc526211bd
- SHA512
  
  cb657f76da9c8a269c7c8cc4bb787fc660cda957c736d9f60b8867c74c74b4714fc6340afbbc8adafc81e5255e47fb44db6e4a4e3c78d7d3a3f69a6832b34451
- SSDEEP
  
  768:8uSBGTAo1wxWUpdj7mo2qLo8Yuyxu0/PIf1UXWk2tm9Z0bVMJRMNCSdCRPBDZox:8uSBGTA2g2Pqz0Yf1jtmsbVsICvR5dox
Score

10^/10

asyncrat default discovery rat
- AsyncRat
  AsyncRAT is designed to remotely monitor and control other computers written in C#.
  rat asyncrat
- Asyncrat family
  asyncrat
- Deletes itself
behavioral1 behavioral2 behavioral3

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

ratdefaultasyncrat

behavioral1

asyncratdefaultdiscoveryrat

behavioral2

asyncratdefaultdiscoveryrat

behavioral3

asyncratdefaultdiscoveryrat