asyncrat | 6d52f72d16a4e5057ba82b43278e47b4c44d3d1ec8566681e72bfe21d7e86a63 | Triage

Sharing

General

Target

AsyncClient.exe
Size

48KB
Sample

250302-tjyh1sykx5
MD5

c73e9ac2a8016900540f7e8c076a0c6c
SHA1

a06194d2d31c4092bafe50b7fe034c2df6eeae64
SHA256

6d52f72d16a4e5057ba82b43278e47b4c44d3d1ec8566681e72bfe21d7e86a63
SHA512

a6c92ba547761d28374b56b433fb75bec1e7c12c060c77bcb32b570b3c6a390a0cd12ee7ed66a3cc5f4ea70f20fa85720b082604988b9ddcd7d88f5ee61b7e33
SSDEEP

768:iuUjVTwkbBHWU72ZcFmo2qjuG2aJbnOPI2MgCZDXoN0be7UX+xoLlM6ZmR3i58TP:iuUjVTwA4M2op2MgCXoKbGUXooLl/Z8v

Score

10^/10

asyncrat default discovery rat

Malware Config

Extracted

Family

asyncrat

Version

0.5.8

Botnet

Default

Mutex

EsPbolIGiMu1

Attributes

delay
3
install
true
install_file
ratatoulie.exe
install_folder
%AppData%
pastebin_config
https://pastebin.com/raw/hcwJVFkr

aes.plain

Targets

- Target
  
  AsyncClient.exe
- Size
  
  48KB
- MD5
  
  c73e9ac2a8016900540f7e8c076a0c6c
- SHA1
  
  a06194d2d31c4092bafe50b7fe034c2df6eeae64
- SHA256
  
  6d52f72d16a4e5057ba82b43278e47b4c44d3d1ec8566681e72bfe21d7e86a63
- SHA512
  
  a6c92ba547761d28374b56b433fb75bec1e7c12c060c77bcb32b570b3c6a390a0cd12ee7ed66a3cc5f4ea70f20fa85720b082604988b9ddcd7d88f5ee61b7e33
- SSDEEP
  
  768:iuUjVTwkbBHWU72ZcFmo2qjuG2aJbnOPI2MgCZDXoN0be7UX+xoLlM6ZmR3i58TP:iuUjVTwA4M2op2MgCXoKbGUXooLl/Z8v
Score

10^/10

asyncrat default discovery rat
- AsyncRat
  AsyncRAT is designed to remotely monitor and control other computers written in C#.
  rat asyncrat
- Asyncrat family
  asyncrat
- Async RAT payload
  rat
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Loads dropped DLL
- Legitimate hosting services abused for malware hosting/C2
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Scheduled Task/Job

Scheduled Task

Persistence

Scheduled Task/Job

Scheduled Task

Privilege Escalation

Scheduled Task/Job

Scheduled Task

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Web Service

Exfiltration

Impact

Tasks

static1

ratdefaultasyncrat

behavioral1

asyncratdefaultdiscoveryrat

behavioral2

asyncratdefaultdiscoveryrat