asyncrat | 2ebed6be66514b15e46f9b3afc93a20c9bbfb9aebba07128320b2e56c239e3d9 | Triage

Sharing

General

Target

PEinstall.exe
Size

57KB
Sample

250419-2splgaymx4
MD5

ea80d619808889ea8edb799056a67bc1
SHA1

de591d83c5e24498a294366205d0a12d2098385c
SHA256

2ebed6be66514b15e46f9b3afc93a20c9bbfb9aebba07128320b2e56c239e3d9
SHA512

d7e43ccd9a2f4f0d959d49ddc089a90da4e7e00cde0480c849d5078cf6127d5a15f4229067170399e6722a574b43f2121f9cbc8b34768b844583adacaff07929
SSDEEP

1536:KERi5rR21kXfc3dLnUAfUgc2vZnmHYUTmu1ycX9D:3RV6EpUgcTmu1ycX9D

Score

10^/10

asyncrat default defense_evasion discovery rat

Malware Config

Extracted

Family

asyncrat

Version

0.5.8

Botnet

Default

C2

127.0.0.1:6606

127.0.0.1:7707

127.0.0.1:8808

127.0.0.1:2009

Mutex

jc1XWfeoz50P

Attributes

delay
10
install
true
install_file
executor.exe
install_folder
%Temp%

aes.plain

Targets

- Target
  
  PEinstall.exe
- Size
  
  57KB
- MD5
  
  ea80d619808889ea8edb799056a67bc1
- SHA1
  
  de591d83c5e24498a294366205d0a12d2098385c
- SHA256
  
  2ebed6be66514b15e46f9b3afc93a20c9bbfb9aebba07128320b2e56c239e3d9
- SHA512
  
  d7e43ccd9a2f4f0d959d49ddc089a90da4e7e00cde0480c849d5078cf6127d5a15f4229067170399e6722a574b43f2121f9cbc8b34768b844583adacaff07929
- SSDEEP
  
  1536:KERi5rR21kXfc3dLnUAfUgc2vZnmHYUTmu1ycX9D:3RV6EpUgcTmu1ycX9D
Score

10^/10

asyncrat default defense_evasion discovery rat
- AsyncRat
  AsyncRAT is designed to remotely monitor and control other computers written in C#.
  rat asyncrat
- Asyncrat family
  asyncrat
- Async RAT payload
  rat
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Obfuscated Files or Information: Command Obfuscation
  Adversaries may obfuscate content during command execution to impede detection.
  defense_evasion
behavioral1 behavioral2

MITRE ATT&CK Enterprise v16

Reconnaissance

Resource Development

Initial Access

Execution

Scheduled Task/Job

Scheduled Task

Persistence

Scheduled Task/Job

Scheduled Task

Privilege Escalation

Scheduled Task/Job

Scheduled Task

Defense Evasion

Obfuscated Files or Information

Command Obfuscation

Credential Access

Discovery

Query Registry

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

asyncratdefaultdefense_evasiondiscoveryrat

behavioral2

asyncratdefaultdefense_evasionrat