asyncrat | aaebd2f26a0aa13a312b08d6c1f6fd62f57e744727da88c0c44d8d23c778dddd | Triage

Sharing

General

Target

AsyncClient.exe
Size

45KB
Sample

250302-s6xpkaxrs2
MD5

670af6cdd160ac768544d9a7ebe9975e
SHA1

b96f901ab0ca03dcbc348c4f25839153265357d9
SHA256

aaebd2f26a0aa13a312b08d6c1f6fd62f57e744727da88c0c44d8d23c778dddd
SHA512

c491b5bb1db904ddf2d34add8794eed7ba074d633f4c5439ffdf41dbd23cf5d8f182808de9734a25b417229d02b814bd9bc35ec9c29861ed0588e2d9cfdb1166
SSDEEP

768:UuETKT0k3qXWUrV6e1mo2qyIQKjPGaG6PIyzjbFgX3i/p0yXGH0YWBDZVj:UuETKT0cE2/1KTkDy3bCXS/p0yu8dVj

Score

10^/10

asyncrat default discovery rat

Malware Config

Extracted

Family

asyncrat

Version

0.5.8

Botnet

Default

C2

197.48.74.234:6606

Mutex

xYOOhhxRbEW7

Attributes

delay
3
install
true
install_file
ratatoulie.exe
install_folder
%AppData%

aes.plain

Targets

- Target
  
  AsyncClient.exe
- Size
  
  45KB
- MD5
  
  670af6cdd160ac768544d9a7ebe9975e
- SHA1
  
  b96f901ab0ca03dcbc348c4f25839153265357d9
- SHA256
  
  aaebd2f26a0aa13a312b08d6c1f6fd62f57e744727da88c0c44d8d23c778dddd
- SHA512
  
  c491b5bb1db904ddf2d34add8794eed7ba074d633f4c5439ffdf41dbd23cf5d8f182808de9734a25b417229d02b814bd9bc35ec9c29861ed0588e2d9cfdb1166
- SSDEEP
  
  768:UuETKT0k3qXWUrV6e1mo2qyIQKjPGaG6PIyzjbFgX3i/p0yXGH0YWBDZVj:UuETKT0cE2/1KTkDy3bCXS/p0yu8dVj
Score

10^/10

asyncrat default discovery rat
- AsyncRat
  AsyncRAT is designed to remotely monitor and control other computers written in C#.
  rat asyncrat
- Asyncrat family
  asyncrat
- Async RAT payload
  rat
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Loads dropped DLL
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Scheduled Task/Job

Scheduled Task

Persistence

Scheduled Task/Job

Scheduled Task

Privilege Escalation

Scheduled Task/Job

Scheduled Task

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

ratdefaultasyncrat

behavioral1

asyncratdefaultdiscoveryrat

behavioral2

asyncratdefaultdiscoveryrat