asyncrat

General

Target

Project7-Signed(1).exe
Size

87KB
Sample

250128-g7rddszrem
MD5

1663d645dfd98ddeb2cda808bde92132
SHA1

470c7ee8a9db8b601bfe1b77e226ba8cddedf3f3
SHA256

c8125da7bb61057ae54927bfbe57d59f8c3d7a85b3ee2a67aca57cbba9e4cae9
SHA512

fd682199784175fe352596c29a8ca2c8d9371bdac310e2e04c131d23a8b106fb02987e76376ad36d5d8c5e733387e03eb6625fba1bc0a425cd1a00b75654c2cb
SSDEEP

1536:IprmwRE0hYuiIeKHJ6W3T3L+MvX+P60cGg9QcAxv7s5+7hEupWqP:IZV/YwhJ66T3L+mOP6DIPxv7x7hEuE2

Score

10^/10

Malware Config

Extracted

Language

ps1

Deobfuscated

URLs

exe.dropper

http://149.88.66.68/test.mp3

Extracted

Family

asyncrat

C2

127.0.0.1:5419

127.0.0.1:5418

127.0.0.1:13792

123.99.198.130:5419

123.99.198.130:5418

123.99.198.130:13792

Attributes

delay
1
install
true
install_file
1.exe
install_folder
%AppData%

aes.plain

Targets

- Target
  
  Project7-Signed(1).exe
- Size
  
  87KB
- MD5
  
  1663d645dfd98ddeb2cda808bde92132
- SHA1
  
  470c7ee8a9db8b601bfe1b77e226ba8cddedf3f3
- SHA256
  
  c8125da7bb61057ae54927bfbe57d59f8c3d7a85b3ee2a67aca57cbba9e4cae9
- SHA512
  
  fd682199784175fe352596c29a8ca2c8d9371bdac310e2e04c131d23a8b106fb02987e76376ad36d5d8c5e733387e03eb6625fba1bc0a425cd1a00b75654c2cb
- SSDEEP
  
  1536:IprmwRE0hYuiIeKHJ6W3T3L+MvX+P60cGg9QcAxv7s5+7hEupWqP:IZV/YwhJ66T3L+mOP6DIPxv7x7hEuE2
Score

10^/10

asyncrat execution rat
- AsyncRat
  AsyncRAT is designed to remotely monitor and control other computers written in C#.
  rat asyncrat
- Asyncrat family
  asyncrat
- Async RAT payload
  rat
- Blocklisted process makes network request
- Command and Scripting Interpreter: PowerShell
  Using powershell.exe command.
  execution
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Command and Scripting Interpreter

1

T1059

PowerShell

1

T1059.001

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

Sharing

General

Malware Config

Extracted

Extracted

Targets

Asyncrat family

Async RAT payload

Blocklisted process makes network request

Command and Scripting Interpreter: PowerShell

MITRE ATT&CK Enterprise v15

Tasks

static1

behavioral1

behavioral2