asyncrat | 7cc642bc0c9840f8e81aab866358ae24e3270d680836fddfbfbcdebafd7f323a | Triage

Sharing

General

Target

7cc642bc0c9840f8e81aab866358ae24e3270d680836fddfbfbcdebafd7f323a.exe
Size

11.3MB
Sample

250227-d1ymcatrs6
MD5

253977e0692958f1dffcfc5c7915c13f
SHA1

45678b6cf9fb1501f53db2adc0b7124357601c97
SHA256

7cc642bc0c9840f8e81aab866358ae24e3270d680836fddfbfbcdebafd7f323a
SHA512

5b4ef20ccd10a52f8a650f9a4076647222d3745d31ccc67aacc0ff89b2375166461b0737e00c0a2868d12dc1015fee5273f05807185bb39c62d610c44c1f79f1
SSDEEP

196608:m9qDdgPUtn5IEh8HTvotaD9YJBsMxPPVSPunYmCQtdQYvS+nVecRWmK/9XbiEx0u:uUt+d7YfxPPVFuAd3vDnVZA/BiExyg

Score

10^/10

asyncrat default discovery persistence rat

Malware Config

Extracted

Family

asyncrat

Version

0.5.7B

Botnet

Default

C2

185.156.175.43:10997

185.189.112.27:10997

176.65.141.162:10997

Mutex

AsyncMutex_6SI8OkPnk

Attributes

delay
3
install
false
install_folder
%AppData%

aes.plain

Targets

- Target
  
  7cc642bc0c9840f8e81aab866358ae24e3270d680836fddfbfbcdebafd7f323a.exe
- Size
  
  11.3MB
- MD5
  
  253977e0692958f1dffcfc5c7915c13f
- SHA1
  
  45678b6cf9fb1501f53db2adc0b7124357601c97
- SHA256
  
  7cc642bc0c9840f8e81aab866358ae24e3270d680836fddfbfbcdebafd7f323a
- SHA512
  
  5b4ef20ccd10a52f8a650f9a4076647222d3745d31ccc67aacc0ff89b2375166461b0737e00c0a2868d12dc1015fee5273f05807185bb39c62d610c44c1f79f1
- SSDEEP
  
  196608:m9qDdgPUtn5IEh8HTvotaD9YJBsMxPPVSPunYmCQtdQYvS+nVecRWmK/9XbiEx0u:uUt+d7YfxPPVFuAd3vDnVZA/BiExyg
Score

10^/10

asyncrat default discovery persistence rat
- AsyncRat
  AsyncRAT is designed to remotely monitor and control other computers written in C#.
  rat asyncrat
- Asyncrat family
  asyncrat
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Loads dropped DLL
- Adds Run key to start application
  persistence
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Defense Evasion

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

asyncratdefaultdiscoverypersistencerat

behavioral2

asyncratdefaultdiscoverypersistencerat