asyncrat | 5e688b84ec277bf1b21afd26656940438f467aad134c25240a0d44c6dafc32bd | Triage

Sharing

General

Target

5e688b84ec277bf1b21afd26656940438f467aad134c25240a0d44c6dafc32bd
Size

12.1MB
Sample

250420-x1mpmawjy4
MD5

681d932f071a9c9d99cdffafc56540c8
SHA1

3b58ed8890c29b7479e59d1d1881bd5bac016e87
SHA256

5e688b84ec277bf1b21afd26656940438f467aad134c25240a0d44c6dafc32bd
SHA512

1cd88cd3fa34274296db0049aa926523edd1e9d845bd1927d6f735acbfb8ac7caef1962ec9bf9487882db370b1b3bbf64871810408700a32f6d928966e1d23a8
SSDEEP

196608:EjpQHUBppUYHVo9tC5azXdoqvdl89uRP5sL1WCWMwOANjHzBshSIx5h3DXpYZ:EjpyyppUYmf5oqT89qWrQNHqhSIx5hT

Score

10^/10

asyncrat default defense_evasion discovery pyinstaller rat

Malware Config

Extracted

Family

asyncrat

Version

0.5.8

Botnet

Default

C2

3.25.125.234:4782

Mutex

n9S3XYaGvXp6

Attributes

delay
3
install
true
install_file
System.exe
install_folder
%AppData%

aes.plain

Targets

- Target
  
  5e688b84ec277bf1b21afd26656940438f467aad134c25240a0d44c6dafc32bd
- Size
  
  12.1MB
- MD5
  
  681d932f071a9c9d99cdffafc56540c8
- SHA1
  
  3b58ed8890c29b7479e59d1d1881bd5bac016e87
- SHA256
  
  5e688b84ec277bf1b21afd26656940438f467aad134c25240a0d44c6dafc32bd
- SHA512
  
  1cd88cd3fa34274296db0049aa926523edd1e9d845bd1927d6f735acbfb8ac7caef1962ec9bf9487882db370b1b3bbf64871810408700a32f6d928966e1d23a8
- SSDEEP
  
  196608:EjpQHUBppUYHVo9tC5azXdoqvdl89uRP5sL1WCWMwOANjHzBshSIx5h3DXpYZ:EjpyyppUYmf5oqT89qWrQNHqhSIx5hT
Score

10^/10

asyncrat default defense_evasion discovery pyinstaller rat
- AsyncRat
  AsyncRAT is designed to remotely monitor and control other computers written in C#.
  rat asyncrat
- Asyncrat family
  asyncrat
- Async RAT payload
  rat
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Loads dropped DLL
- Obfuscated Files or Information: Command Obfuscation
  Adversaries may obfuscate content during command execution to impede detection.
  defense_evasion
behavioral1 behavioral2

MITRE ATT&CK Enterprise v16

Reconnaissance

Resource Development

Initial Access

Execution

Scheduled Task/Job

Scheduled Task

Persistence

Scheduled Task/Job

Scheduled Task

Privilege Escalation

Scheduled Task/Job

Scheduled Task

Defense Evasion

Obfuscated Files or Information

Command Obfuscation

Credential Access

Discovery

Query Registry

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

asyncratdefaultdefense_evasiondiscoverypyinstallerrat

behavioral2

asyncratdefaultdefense_evasiondiscoverypyinstallerrat