asyncrat | 6cdd270a2bad95c8a063a9fe876f6c454f2b5219164c476e2bf94350ab050618 | Triage

Sharing

General

Target

6cdd270a2bad95c8a063a9fe876f6c454f2b5219164c476e2bf94350ab050618
Size

73KB
Sample

250329-x2xafssq17
MD5

75e679528300f0eec2aab97faf87a0b1
SHA1

5f5e310edf9b08693a31003a91071b5b4b7bfd39
SHA256

6cdd270a2bad95c8a063a9fe876f6c454f2b5219164c476e2bf94350ab050618
SHA512

7b051d593aa6c20ec50018c56f834388345f025c2e5257cd0c887aeb15f6e6302e57c91b3009ae65a5456aef3c338a5603bda45240eaa325e7636475fe01d935
SSDEEP

768:btF3S1PK+iPDVwir9JSIEZvkYIuu7tkA1+BSrv7mqb2nyHpwH1oQWM4Vp8GX90P7:BkKhJ2ZsYCnn/bb5weMrGX90+t3VclN

Score

10^/10

asyncrat default rat

Malware Config

Extracted

Family

asyncrat

Version

1.0.7

Botnet

Default

Mutex

DcRatMutex_qwqdanchun

Attributes

delay
3
install
true
install_file
MicrosoftEdgeUpdate.exe
install_folder
%AppData%
pastebin_config
https://pastebin.com/raw/ZnhxAV6a

aes.plain

Targets

- Target
  
  6cdd270a2bad95c8a063a9fe876f6c454f2b5219164c476e2bf94350ab050618
- Size
  
  73KB
- MD5
  
  75e679528300f0eec2aab97faf87a0b1
- SHA1
  
  5f5e310edf9b08693a31003a91071b5b4b7bfd39
- SHA256
  
  6cdd270a2bad95c8a063a9fe876f6c454f2b5219164c476e2bf94350ab050618
- SHA512
  
  7b051d593aa6c20ec50018c56f834388345f025c2e5257cd0c887aeb15f6e6302e57c91b3009ae65a5456aef3c338a5603bda45240eaa325e7636475fe01d935
- SSDEEP
  
  768:btF3S1PK+iPDVwir9JSIEZvkYIuu7tkA1+BSrv7mqb2nyHpwH1oQWM4Vp8GX90P7:BkKhJ2ZsYCnn/bb5weMrGX90+t3VclN
Score

10^/10

asyncrat default rat
- AsyncRat
  AsyncRAT is designed to remotely monitor and control other computers written in C#.
  rat asyncrat
- Asyncrat family
  asyncrat
- Async RAT payload
  rat
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Legitimate hosting services abused for malware hosting/C2
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Scheduled Task/Job

Scheduled Task

Persistence

Scheduled Task/Job

Scheduled Task

Privilege Escalation

Scheduled Task/Job

Scheduled Task

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Web Service

Exfiltration

Impact

Tasks

static1

ratdefaultasyncrat

behavioral1

asyncratdefaultrat

behavioral2

asyncratdefaultrat