asyncrat | 9d19de1d4be447775e3345eae357a9571bd86a607eaf25df48a6840acbc390cc | Triage

Sharing

General

Target

d4278af4c129db3ea1c48d890304abd1
Size

616KB
Sample

220805-w1fqmsgaa4
MD5

d4278af4c129db3ea1c48d890304abd1
SHA1

b6ca93a2c12c164a73339020070662b618723744
SHA256

9d19de1d4be447775e3345eae357a9571bd86a607eaf25df48a6840acbc390cc
SHA512

807c9a5242a831f2f70e8a949a11c58cfe79b9438a7c2d5484ce899cef6f2f8574f7b03a8d896b5e6473669738266cb04b1b0f9c5e63d85c4c2a00e132b9dcc2

Score

10^/10

asyncrat default rat

Malware Config

Extracted

Family

asyncrat

Version

0.5.7B

Botnet

Default

C2

37.0.14.198:6161

Mutex

AsyncMutex_6SI8OkPnk

Attributes

delay
3
install
true
install_file
.exe
install_folder
%AppData%

aes.plain

Targets

- Target
  
  d4278af4c129db3ea1c48d890304abd1
- Size
  
  616KB
- MD5
  
  d4278af4c129db3ea1c48d890304abd1
- SHA1
  
  b6ca93a2c12c164a73339020070662b618723744
- SHA256
  
  9d19de1d4be447775e3345eae357a9571bd86a607eaf25df48a6840acbc390cc
- SHA512
  
  807c9a5242a831f2f70e8a949a11c58cfe79b9438a7c2d5484ce899cef6f2f8574f7b03a8d896b5e6473669738266cb04b1b0f9c5e63d85c4c2a00e132b9dcc2
Score

10^/10

asyncrat default rat
- AsyncRat
  AsyncRAT is designed to remotely monitor and control other computers.
  rat asyncrat
- Async RAT payload
  rat
- Executes dropped EXE
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Scheduled Task

Persistence

Scheduled Task

Privilege Escalation

Scheduled Task

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

behavioral2

asyncratdefaultrat