asyncrat | 49faef491cbfe43dd44266f822d744a9d5543fd01375c2b3d89fbe744ff7b400 | Triage

Sharing

General

Target

edada.exe
Size

47KB
Sample

250119-zzcjdawlcw
MD5

f6093b7c45edb15a9d1bf77c5ea7fc6f
SHA1

eec1c1c523fe47fcba093c109c67320c38dc0db2
SHA256

49faef491cbfe43dd44266f822d744a9d5543fd01375c2b3d89fbe744ff7b400
SHA512

ba0a3f173c4e4927a581a2d2aa8a17340f0f0548c4311afe8d84183769978e81a3df1ce4525cd349455f7d6c197755871ddfa5eedd8111738e6dd76850608e73
SSDEEP

768:Nuu91TwQsOnFWUFN1/mo2qDaIvyP10ozjFz2PI87fl/nt0bCyJpBuaOk0KB07JDG:Nuu91TwSb231pZ/8LlCbCqcDgBYdQkdK

Score

10^/10

asyncrat default discovery rat

Malware Config

Extracted

Family

asyncrat

Version

0.5.8

Botnet

Default

C2

trip-thesaurus.gl.at.ply.gg:6606

trip-thesaurus.gl.at.ply.gg:8808

trip-thesaurus.gl.at.ply.gg:1337

Mutex

sk4bkiT4mXvt

Attributes

delay
3
install
true
install_file
edada.exe
install_folder
%AppData%

aes.plain

Targets

- Target
  
  edada.exe
- Size
  
  47KB
- MD5
  
  f6093b7c45edb15a9d1bf77c5ea7fc6f
- SHA1
  
  eec1c1c523fe47fcba093c109c67320c38dc0db2
- SHA256
  
  49faef491cbfe43dd44266f822d744a9d5543fd01375c2b3d89fbe744ff7b400
- SHA512
  
  ba0a3f173c4e4927a581a2d2aa8a17340f0f0548c4311afe8d84183769978e81a3df1ce4525cd349455f7d6c197755871ddfa5eedd8111738e6dd76850608e73
- SSDEEP
  
  768:Nuu91TwQsOnFWUFN1/mo2qDaIvyP10ozjFz2PI87fl/nt0bCyJpBuaOk0KB07JDG:Nuu91TwSb231pZ/8LlCbCqcDgBYdQkdK
Score

10^/10

asyncrat default discovery rat
- AsyncRat
  AsyncRAT is designed to remotely monitor and control other computers written in C#.
  rat asyncrat
- Asyncrat family
  asyncrat
- Async RAT payload
  rat
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Loads dropped DLL
behavioral1 behavioral2 behavioral3 behavioral4

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Scheduled Task/Job

Scheduled Task

Persistence

Scheduled Task/Job

Scheduled Task

Privilege Escalation

Scheduled Task/Job

Scheduled Task

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

ratdefaultasyncrat

behavioral1

asyncratdefaultdiscoveryrat

behavioral2

asyncratdefaultdiscoveryrat

behavioral3

asyncratdefaultdiscoveryrat

behavioral4

asyncratdefaultdiscoveryrat