asyncrat | 2cb274d7b7a10ce30a8f8f09795e900510b391f50e3952531231aae3117d6761 | Triage

Sharing

General

Target

2cb274d7b7a10ce30a8f8f09795e900510b391f50e3952531231aae3117d6761
Size

1.1MB
Sample

250421-xpvwvsstes
MD5

437b89f58e88118121d76c3880c876a0
SHA1

89ee110065073b4ab9f58d48687a73637648af62
SHA256

2cb274d7b7a10ce30a8f8f09795e900510b391f50e3952531231aae3117d6761
SHA512

e69c81a6ce5a0bddad6ae06be8ca75e5205f3c13b5839c0433231dde23091bbbd8977442cb0284d76701a6a005716f755f4ddb1f2d51cc30de8a54739c7f887e
SSDEEP

24576:GpWSsqIyFmGZXUvGX8CNuc1kQypx97xKd8:iWmkGZEO71kQypx97xm

Score

10^/10

asyncrat default discovery persistence rat

Malware Config

Extracted

Family

asyncrat

Version

0.5.8

Botnet

Default

C2

carolina-candles.gl.at.ply.gg:34316

Mutex

HKFTYhn7m3AO

Attributes

delay
3
install
true
install_file
Svchost.exe
install_folder
%AppData%

aes.plain

Targets

- Target
  
  2cb274d7b7a10ce30a8f8f09795e900510b391f50e3952531231aae3117d6761
- Size
  
  1.1MB
- MD5
  
  437b89f58e88118121d76c3880c876a0
- SHA1
  
  89ee110065073b4ab9f58d48687a73637648af62
- SHA256
  
  2cb274d7b7a10ce30a8f8f09795e900510b391f50e3952531231aae3117d6761
- SHA512
  
  e69c81a6ce5a0bddad6ae06be8ca75e5205f3c13b5839c0433231dde23091bbbd8977442cb0284d76701a6a005716f755f4ddb1f2d51cc30de8a54739c7f887e
- SSDEEP
  
  24576:GpWSsqIyFmGZXUvGX8CNuc1kQypx97xKd8:iWmkGZEO71kQypx97xm
Score

10^/10

asyncrat default discovery persistence rat
- AsyncRat
  AsyncRAT is designed to remotely monitor and control other computers written in C#.
  rat asyncrat
- Asyncrat family
  asyncrat
- Executes dropped EXE
- Adds Run key to start application
  persistence
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v16

Reconnaissance

Resource Development

Initial Access

Execution

Scheduled Task/Job

Scheduled Task

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Scheduled Task/Job

Scheduled Task

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Scheduled Task/Job

Scheduled Task

Defense Evasion

Modify Registry

Credential Access

Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

asyncratdefaultdiscoverypersistencerat

behavioral2

asyncratdefaultdiscoverypersistencerat