asyncrat | 5d9462df1358300a31465de672b4b381c93951694a57173888ecfac925bd1b0d | Triage

Sharing

General

Target

client.exe
Size

48KB
Sample

250302-ted9ksxyev
MD5

e6292b21c62a19c81dd8c02d325356a8
SHA1

92c788bb00afccda8c3abb5de86220a3293d8c2b
SHA256

5d9462df1358300a31465de672b4b381c93951694a57173888ecfac925bd1b0d
SHA512

909129b99c7d391ba59b65befb659809651ec989838ad1e9189fdfcef189a6ac7f7dc9db92d4dc7339b71f71145f504b5976362177a23f873d43b7dcdcf5b13a
SSDEEP

768:euUjVTwkbBHWU72ZcFmo2qj3tjTkVxyPImNjbH0bKUPGWGVsgA5Rs9CEcq3BDZnj:euUjVTwA4M2ilkVxbejAbKUPcVsgERsN

Score

10^/10

asyncrat default discovery rat

Malware Config

Extracted

Family

asyncrat

Version

0.5.8

Botnet

Default

Mutex

FmolrtiF4eeI

Attributes

delay
3
install
true
install_file
ratatoulie.exe
install_folder
%AppData%
pastebin_config
https://pastebin.com/raw/hcwJVFkr

aes.plain

Targets

- Target
  
  client.exe
- Size
  
  48KB
- MD5
  
  e6292b21c62a19c81dd8c02d325356a8
- SHA1
  
  92c788bb00afccda8c3abb5de86220a3293d8c2b
- SHA256
  
  5d9462df1358300a31465de672b4b381c93951694a57173888ecfac925bd1b0d
- SHA512
  
  909129b99c7d391ba59b65befb659809651ec989838ad1e9189fdfcef189a6ac7f7dc9db92d4dc7339b71f71145f504b5976362177a23f873d43b7dcdcf5b13a
- SSDEEP
  
  768:euUjVTwkbBHWU72ZcFmo2qj3tjTkVxyPImNjbH0bKUPGWGVsgA5Rs9CEcq3BDZnj:euUjVTwA4M2ilkVxbejAbKUPcVsgERsN
Score

10^/10

asyncrat default discovery rat
- AsyncRat
  AsyncRAT is designed to remotely monitor and control other computers written in C#.
  rat asyncrat
- Asyncrat family
  asyncrat
- Async RAT payload
  rat
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Loads dropped DLL
- Legitimate hosting services abused for malware hosting/C2
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Scheduled Task/Job

Scheduled Task

Persistence

Scheduled Task/Job

Scheduled Task

Privilege Escalation

Scheduled Task/Job

Scheduled Task

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Web Service

Exfiltration

Impact

Tasks

static1

ratdefaultasyncrat

behavioral1

asyncratdefaultdiscoveryrat

behavioral2

asyncratdefaultdiscoveryrat