asyncrat | 9a28d9af0aa7dff9c5cfdff951741bc373136be228de7854f6e894a687a1bb42 | Triage

Sharing

General

Target

9a28d9af0aa7dff9c5cfdff951741bc373136be228de7854f6e894a687a1bb42
Size

55KB
Sample

250421-yclm4awpz7
MD5

56eff7af5c30f676f597850f13790a17
SHA1

fdc3d37fc44b062210a8e6a71af8512946cdebe0
SHA256

9a28d9af0aa7dff9c5cfdff951741bc373136be228de7854f6e894a687a1bb42
SHA512

a265907762ec558ef2b0f063d401c684aa415fa8d3417cf9ef5d4c186c06ff68c6595d426ea2c4cf646816611e9c3170fc57efab2068693ba2bfa9d0f0688fb6
SSDEEP

1536:LZmLRbf0HC//fAy2vsm5tLOmEVIgASAF/:dmLpb/Bm5VOFV6t

Score

10^/10

asyncrat default discovery rat

Malware Config

Extracted

Family

asyncrat

Version

0.5.8

Botnet

Default

C2

127.0.0.1:6606

127.0.0.1:7707

127.0.0.1:8808

Mutex

mAtPhGSpaK8n

Attributes

delay
3
install
false
install_folder
%AppData%

aes.plain

Targets

- Target
  
  9a28d9af0aa7dff9c5cfdff951741bc373136be228de7854f6e894a687a1bb42
- Size
  
  55KB
- MD5
  
  56eff7af5c30f676f597850f13790a17
- SHA1
  
  fdc3d37fc44b062210a8e6a71af8512946cdebe0
- SHA256
  
  9a28d9af0aa7dff9c5cfdff951741bc373136be228de7854f6e894a687a1bb42
- SHA512
  
  a265907762ec558ef2b0f063d401c684aa415fa8d3417cf9ef5d4c186c06ff68c6595d426ea2c4cf646816611e9c3170fc57efab2068693ba2bfa9d0f0688fb6
- SSDEEP
  
  1536:LZmLRbf0HC//fAy2vsm5tLOmEVIgASAF/:dmLpb/Bm5VOFV6t
Score

10^/10

asyncrat default discovery rat
- AsyncRat
  AsyncRAT is designed to remotely monitor and control other computers written in C#.
  rat asyncrat
- Asyncrat family
  asyncrat
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v16

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

asyncratdefaultdiscoveryrat

behavioral2

asyncratdefaultdiscoveryrat