asyncrat | 9586be184264c169c7e865f6b954aed24cce3547e479e4c38b13753588b5a083 | Triage

Sharing

General

Target

9586be184264c169c7e865f6b954aed24cce3547e479e4c38b13753588b5a083N.exe
Size

937KB
Sample

250117-samvgssmc1
MD5

739120c1f7c118f14b10afab34c9a380
SHA1

2b62139bd0e2187b5379da0283f21675ecc5fdbb
SHA256

9586be184264c169c7e865f6b954aed24cce3547e479e4c38b13753588b5a083
SHA512

e9600c458c851cb6264a35ea0c18bcba828a1d986cbc99c4a50104c930d0f103d9b7dac4905a96506fe42f1d3539cc4ca70db6adbeb6123edd1cdbb525b0879e
SSDEEP

24576:jNA3R5drXm1bYf1c4xt6fLdf+s77ZpwWdBO2JLZULqLfO:O52EfyJWs77ZOAO2Gqi

Score

10^/10

asyncrat default02 discovery rat

Malware Config

Extracted

Family

asyncrat

Version

0.5.7B

Botnet

Default02

C2

woolingbrin.sytes.net:8747

woolingbrin.sytes.net:7477

87.120.121.160:8747

87.120.121.160:7477

Mutex

AsyncMutex_6SI8OkPnk

Attributes

delay
15
install
true
install_file
vtc.exe
install_folder
%AppData%

aes.plain

Targets

- Target
  
  9586be184264c169c7e865f6b954aed24cce3547e479e4c38b13753588b5a083N.exe
- Size
  
  937KB
- MD5
  
  739120c1f7c118f14b10afab34c9a380
- SHA1
  
  2b62139bd0e2187b5379da0283f21675ecc5fdbb
- SHA256
  
  9586be184264c169c7e865f6b954aed24cce3547e479e4c38b13753588b5a083
- SHA512
  
  e9600c458c851cb6264a35ea0c18bcba828a1d986cbc99c4a50104c930d0f103d9b7dac4905a96506fe42f1d3539cc4ca70db6adbeb6123edd1cdbb525b0879e
- SSDEEP
  
  24576:jNA3R5drXm1bYf1c4xt6fLdf+s77ZpwWdBO2JLZULqLfO:O52EfyJWs77ZOAO2Gqi
Score

10^/10

asyncrat default02 discovery rat
- AsyncRat
  AsyncRAT is designed to remotely monitor and control other computers written in C#.
  rat asyncrat
- Asyncrat family
  asyncrat
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Scheduled Task/Job

Scheduled Task

Persistence

Scheduled Task/Job

Scheduled Task

Privilege Escalation

Scheduled Task/Job

Scheduled Task

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

asyncratdefault02discoveryrat

behavioral2

asyncratdefault02discoveryrat