asyncrat | f989ddf3ad9954b4c903af0e3a72a10c7727882bcba27d744b29c243df43516c | Triage

Sharing

General

Target

lossless scaling.zip
Size

5.6MB
Sample

250227-bn1vtszscv
MD5

e5e78617aefb2291b0f2d7eb8a7778c2
SHA1

1669eb4bb944754c2d7ee37d482ba93487ba7193
SHA256

f989ddf3ad9954b4c903af0e3a72a10c7727882bcba27d744b29c243df43516c
SHA512

3f8421b9a94a06d54f6e38f786e81644e6ec9c24ee25e19121b3f8ae2ac9262cc4f20d508f6579d53b772026a936f318d2626753f3e850624d21ff92d4aa58d8
SSDEEP

98304:CMp9p80wyXWSimVm1r3W+q2sGNZqyKbPAoGYD6uRnmGuglGW/DnDUxoulB:JsdYWSZ9+hLqRbPnD6qPuz+4

Score

10^/10

asyncrat default defense_evasion execution rat trojan

Malware Config

Extracted

Family

asyncrat

Version

A 14

Botnet

Default

C2

mhmad1.accesscam.org:404

aliweq.ddnsgeek.com:404

mhmad1.work.gd:404

Mutex

MaterxMutex_Egypt404

Attributes

delay
3
install
false
install_folder
%AppData%

aes.plain

Targets

- Target
  
  lossless scaling.zip
- Size
  
  5.6MB
- MD5
  
  e5e78617aefb2291b0f2d7eb8a7778c2
- SHA1
  
  1669eb4bb944754c2d7ee37d482ba93487ba7193
- SHA256
  
  f989ddf3ad9954b4c903af0e3a72a10c7727882bcba27d744b29c243df43516c
- SHA512
  
  3f8421b9a94a06d54f6e38f786e81644e6ec9c24ee25e19121b3f8ae2ac9262cc4f20d508f6579d53b772026a936f318d2626753f3e850624d21ff92d4aa58d8
- SSDEEP
  
  98304:CMp9p80wyXWSimVm1r3W+q2sGNZqyKbPAoGYD6uRnmGuglGW/DnDUxoulB:JsdYWSZ9+hLqRbPnD6qPuz+4
Score

10^/10

asyncrat default defense_evasion execution rat trojan
- AsyncRat
  AsyncRAT is designed to remotely monitor and control other computers written in C#.
  rat asyncrat
- Asyncrat family
  asyncrat
- UAC bypass
  defense_evasion trojan
- Command and Scripting Interpreter: PowerShell
  Run Powershell and hide display window.
  execution
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Loads dropped DLL
- Enumerates connected drives
  Attempts to read the root path of hard drives other than the default C: drive.
behavioral1

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Command and Scripting Interpreter

PowerShell

Scheduled Task/Job

Scheduled Task

Persistence

Scheduled Task/Job

Scheduled Task

Privilege Escalation

Abuse Elevation Control Mechanism

Bypass User Account Control

Scheduled Task/Job

Scheduled Task

Defense Evasion

Abuse Elevation Control Mechanism

Bypass User Account Control

Impair Defenses

Disable or Modify Tools

Modify Registry

Credential Access

Discovery

Peripheral Device Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

asyncratdefaultdefense_evasionexecutionrattrojan