asyncrat | 2fcdea969160b033554d4b6c357f4dba20b83fb4dbec4763a908c6e981ba1eae | Triage

Sharing

General

Target

2fcdea969160b033554d4b6c357f4dba20b83fb4dbec4763a908c6e981ba1eae
Size

62KB
Sample

250419-yhbp3swnz2
MD5

852c0a85fbd6d9d052676efe8f12d69e
SHA1

a828267cbe343c93f9453b28206ea259b9e02917
SHA256

2fcdea969160b033554d4b6c357f4dba20b83fb4dbec4763a908c6e981ba1eae
SHA512

26d2d61c5bb9258116ed94012186ea2c9666b301e1a76892401c11b2f649a30b1cb9dc5679d98293ff797eaaa49ecede09fb1ded8ce41e433660113dde3dc672
SSDEEP

1536:C5gfnNsYMnl70qDzZeeCglUGbbXw6qO06HGTkpqKmY7k:C5gfnNsYMnl7XzMep+GbbXB9Svz3

Score

10^/10

asyncrat default rat

Malware Config

Extracted

Family

asyncrat

Version

0.0.1

Botnet

Default

C2

127.0.0.1:8848

127.0.0.1:31880

111.180.190.199:8848

111.180.190.199:31880

Mutex

DcRatMutex_qwqdanchun

Attributes

delay
1
install
true
install_file
msedgewebview2.exe
install_folder
%AppData%

aes.plain

Targets

- Target
  
  2fcdea969160b033554d4b6c357f4dba20b83fb4dbec4763a908c6e981ba1eae
- Size
  
  62KB
- MD5
  
  852c0a85fbd6d9d052676efe8f12d69e
- SHA1
  
  a828267cbe343c93f9453b28206ea259b9e02917
- SHA256
  
  2fcdea969160b033554d4b6c357f4dba20b83fb4dbec4763a908c6e981ba1eae
- SHA512
  
  26d2d61c5bb9258116ed94012186ea2c9666b301e1a76892401c11b2f649a30b1cb9dc5679d98293ff797eaaa49ecede09fb1ded8ce41e433660113dde3dc672
- SSDEEP
  
  1536:C5gfnNsYMnl70qDzZeeCglUGbbXw6qO06HGTkpqKmY7k:C5gfnNsYMnl7XzMep+GbbXB9Svz3
Score

10^/10

asyncrat default rat
- AsyncRat
  AsyncRAT is designed to remotely monitor and control other computers written in C#.
  rat asyncrat
- Asyncrat family
  asyncrat
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
behavioral1 behavioral2

MITRE ATT&CK Enterprise v16

Reconnaissance

Resource Development

Initial Access

Execution

Scheduled Task/Job

Scheduled Task

Persistence

Scheduled Task/Job

Scheduled Task

Privilege Escalation

Scheduled Task/Job

Scheduled Task

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

defaultasyncrat

behavioral1

asyncratdefaultrat

behavioral2

asyncratdefaultrat