asyncrat | fba348d623f8cd0af63315a97ff67a51e0af864fb07c02824cbd83dafb173f8e | Triage

Sharing

General

Target

fba348d623f8cd0af63315a97ff67a51e0af864fb07c02824cbd83dafb173f8e
Size

47KB
Sample

250421-xz7cmsswfy
MD5

8a157f3fc0ea3d6b8644b918b610947e
SHA1

095c33d5b86fd75d76619cffd6259badb5d1b03e
SHA256

fba348d623f8cd0af63315a97ff67a51e0af864fb07c02824cbd83dafb173f8e
SHA512

f2584732363237d6e409c6f0c0c7f038c67df2ae31df92bbed3431afa60495955b896d8a5bf7a913c876e5c7446b9fedab70d040832b82b32dbc5d43c461fc38
SSDEEP

768:6uW81Towx/9WU9Vt+Xmo2qzgTRVTzuuSPIG5RorYKN8n5b0bK78dpNXbpl3rePD+:6uW81Toq7C2fFz97kRaYKN3bK4dfXaF8

Score

10^/10

asyncrat default discovery rat

Malware Config

Extracted

Family

asyncrat

Version

0.5.7B

Botnet

Default

C2

5.tcp.eu.ngrok.io:15310

Mutex

AsyncMutex_6SI8OkPnk

Attributes

delay
3
install
true
install_file
Valorantbuild.exe
install_folder
%AppData%

aes.plain

Targets

- Target
  
  fba348d623f8cd0af63315a97ff67a51e0af864fb07c02824cbd83dafb173f8e
- Size
  
  47KB
- MD5
  
  8a157f3fc0ea3d6b8644b918b610947e
- SHA1
  
  095c33d5b86fd75d76619cffd6259badb5d1b03e
- SHA256
  
  fba348d623f8cd0af63315a97ff67a51e0af864fb07c02824cbd83dafb173f8e
- SHA512
  
  f2584732363237d6e409c6f0c0c7f038c67df2ae31df92bbed3431afa60495955b896d8a5bf7a913c876e5c7446b9fedab70d040832b82b32dbc5d43c461fc38
- SSDEEP
  
  768:6uW81Towx/9WU9Vt+Xmo2qzgTRVTzuuSPIG5RorYKN8n5b0bK78dpNXbpl3rePD+:6uW81Toq7C2fFz97kRaYKN3bK4dfXaF8
Score

10^/10

asyncrat default discovery rat
- AsyncRat
  AsyncRAT is designed to remotely monitor and control other computers written in C#.
  rat asyncrat
- Asyncrat family
  asyncrat
- Async RAT payload
  rat
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Legitimate hosting services abused for malware hosting/C2
behavioral1 behavioral2

MITRE ATT&CK Enterprise v16

Reconnaissance

Resource Development

Initial Access

Execution

Scheduled Task/Job

Scheduled Task

Persistence

Scheduled Task/Job

Scheduled Task

Privilege Escalation

Scheduled Task/Job

Scheduled Task

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Web Service

Exfiltration

Impact

Tasks

static1

ratdefaultasyncrat

behavioral1

asyncratdefaultdiscoveryrat

behavioral2

asyncratdefaultdiscoveryrat