asyncrat | 62f7943a38968bc1d92d0ea08c185bf01b6a8daf5812bb30e25899b9ada0daed | Triage

Sharing

General

Target

62f7943a38968bc1d92d0ea08c185bf01b6a8daf5812bb30e25899b9ada0daed.exe
Size

949KB
Sample

250301-dr7hwsxygy
MD5

5f41899fe8f7801b20885898e0f4c05a
SHA1

b696ed30844f88392897eb9c0d47cfabcf9ad5f3
SHA256

62f7943a38968bc1d92d0ea08c185bf01b6a8daf5812bb30e25899b9ada0daed
SHA512

c9490f3359df8be70a21e88cc940c3486391fbc089cb026d5570cc235133f63dd6e8dfc6cce8db9dd11cb64d2a5be6d0329abb15713f5bfb37d9c362f9e3220a
SSDEEP

24576:vnvJUgT/3hRWpul04R3qO/hCwZWHGIEIPURoWuVT:vvygTffWMlH6otkGI9sLuF

Score

10^/10

asyncrat default discovery execution rat

Malware Config

Extracted

Family

asyncrat

Version

Esco Private rat

Botnet

Default

C2

196.251.88.53:4449

Mutex

voodynqjploelta

Attributes

delay
1
install
false
install_folder
%AppData%

aes.plain

Targets

- Target
  
  62f7943a38968bc1d92d0ea08c185bf01b6a8daf5812bb30e25899b9ada0daed.exe
- Size
  
  949KB
- MD5
  
  5f41899fe8f7801b20885898e0f4c05a
- SHA1
  
  b696ed30844f88392897eb9c0d47cfabcf9ad5f3
- SHA256
  
  62f7943a38968bc1d92d0ea08c185bf01b6a8daf5812bb30e25899b9ada0daed
- SHA512
  
  c9490f3359df8be70a21e88cc940c3486391fbc089cb026d5570cc235133f63dd6e8dfc6cce8db9dd11cb64d2a5be6d0329abb15713f5bfb37d9c362f9e3220a
- SSDEEP
  
  24576:vnvJUgT/3hRWpul04R3qO/hCwZWHGIEIPURoWuVT:vvygTffWMlH6otkGI9sLuF
Score

10^/10

discovery asyncrat default execution rat
- AsyncRat
  AsyncRAT is designed to remotely monitor and control other computers written in C#.
  rat asyncrat
- Asyncrat family
  asyncrat
- Async RAT payload
  rat
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Loads dropped DLL
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
  discovery
- Command and Scripting Interpreter: PowerShell
  Run Powershell to execute payload.
  execution
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Command and Scripting Interpreter

PowerShell

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2

asyncratdefaultdiscoveryexecutionrat