asyncrat | cb89e6fafecf411a75df6cb06b2302e8f3c9696232dbdff6b25b3d6bec635c91 | Triage

Sharing

General

Target

reversheshell b64 bat TO.exe
Size

88KB
Sample

250330-n9mxbax1ds
MD5

aa8d4f9a7cea9c7c8de61478ae5a7f81
SHA1

5b8ce5f94b702731877e55822dfb505af4332fa6
SHA256

cb89e6fafecf411a75df6cb06b2302e8f3c9696232dbdff6b25b3d6bec635c91
SHA512

2f54a16ad0a7a0ec8c6ea4f08cd28c587a6ac29421ec1433150e80e164d48bdd312480a86b15477deee4e11f3cf331823400a9fc858451fc4eaf59213577c982
SSDEEP

1536:D7fPGykbOqjoHm4pICdfkLtAfupcWX50MxFY+yIOlnToIf3xP+:fq6+ouCpk2mpcWJ0r+QNTBf3B+

Score

10^/10

asyncrat default discovery execution rat

Malware Config

Extracted

Language

ps1

Deobfuscated

URLs

exe.dropper

https://tinyurl.com/VIRGPLOAD

Extracted

Family

asyncrat

Version

0.5.8

Botnet

Default

C2

holefo2785-22820.portmap.host:22820

holefo2785-22820.portmap.host:6606

Mutex

Oma7kBAtvlxY

Attributes

delay
3
install
true
install_file
discord.exe
install_folder
%AppData%

aes.plain

Targets

- Target
  
  reversheshell b64 bat TO.exe
- Size
  
  88KB
- MD5
  
  aa8d4f9a7cea9c7c8de61478ae5a7f81
- SHA1
  
  5b8ce5f94b702731877e55822dfb505af4332fa6
- SHA256
  
  cb89e6fafecf411a75df6cb06b2302e8f3c9696232dbdff6b25b3d6bec635c91
- SHA512
  
  2f54a16ad0a7a0ec8c6ea4f08cd28c587a6ac29421ec1433150e80e164d48bdd312480a86b15477deee4e11f3cf331823400a9fc858451fc4eaf59213577c982
- SSDEEP
  
  1536:D7fPGykbOqjoHm4pICdfkLtAfupcWX50MxFY+yIOlnToIf3xP+:fq6+ouCpk2mpcWJ0r+QNTBf3B+
Score

10^/10

asyncrat default discovery execution rat
- AsyncRat
  AsyncRAT is designed to remotely monitor and control other computers written in C#.
  rat asyncrat
- Asyncrat family
  asyncrat
- Async RAT payload
  rat
- Blocklisted process makes network request
- Command and Scripting Interpreter: PowerShell
  Using powershell.exe command.
  execution
- Executes dropped EXE
behavioral1

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Command and Scripting Interpreter

PowerShell

Scheduled Task/Job

Scheduled Task

Persistence

Scheduled Task/Job

Scheduled Task

Privilege Escalation

Scheduled Task/Job

Scheduled Task

Defense Evasion

Credential Access

Discovery

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

asyncratdefaultdiscoveryexecutionrat