asyncrat | 911a9ce35f5eba50196cd7280ab6e7fdd9ed52e6a6cae2cdf775148de80a9c10 | Triage

Submit
Reports

Overview

overview

Static

static

3

2w1.exe

windows10-2004-x64

Sharing

General

Target

2w1.exe
Size

20.1MB
Sample

240701-rwbtnszgql
MD5

5824383219570d5efc4a2ed63a91980a
SHA1

f0b2ed592b33ba40f1117625458a1b820e10dcf7
SHA256

911a9ce35f5eba50196cd7280ab6e7fdd9ed52e6a6cae2cdf775148de80a9c10
SHA512

2d689a786247216e24ef3ec706d51a5fdad4382a73f76207ce61df3072ea08bc9c5815491a4b209dceb57e41b8a5dad95b1dca62bb2a7bb81265246bf85086a5
SSDEEP

393216:UtGGoHbktzg43YDKxq0XPZ0gsgEsQIGqr1+TtIi00VQ/6Z:UkPwzgIKYftskh71QtImAk

Score

10^/10

asyncrat default defense_evasion pyinstaller rat

Static task

static1

2 signatures

Behavioral task

behavioral1

Sample

2w1.exe

Resource

win10v2004-20240508-en

asyncrat default defense_evasion pyinstaller rat

windows10-2004-x64

15 signatures

600 seconds

Malware Config

Extracted

Family

asyncrat

Botnet

Default

C2

185.254.97.15:1334

Attributes

delay
1
install
true
install_file
XD.exe
install_folder
%AppData%

aes.plain

Targets

- Target
  
  2w1.exe
- Size
  
  20.1MB
- MD5
  
  5824383219570d5efc4a2ed63a91980a
- SHA1
  
  f0b2ed592b33ba40f1117625458a1b820e10dcf7
- SHA256
  
  911a9ce35f5eba50196cd7280ab6e7fdd9ed52e6a6cae2cdf775148de80a9c10
- SHA512
  
  2d689a786247216e24ef3ec706d51a5fdad4382a73f76207ce61df3072ea08bc9c5815491a4b209dceb57e41b8a5dad95b1dca62bb2a7bb81265246bf85086a5
- SSDEEP
  
  393216:UtGGoHbktzg43YDKxq0XPZ0gsgEsQIGqr1+TtIi00VQ/6Z:UkPwzgIKYftskh71QtImAk
Score

10^/10

asyncrat default defense_evasion pyinstaller rat
- AsyncRat
  AsyncRAT is designed to remotely monitor and control other computers written in C#.
  rat asyncrat
- Async RAT payload
  rat
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Loads dropped DLL
- Hide Artifacts: Hidden Files and Directories
  defense_evasion
behavioral1

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Scheduled Task/Job

Scheduled Task

Persistence

Scheduled Task/Job

Scheduled Task

Privilege Escalation

Scheduled Task/Job

Scheduled Task

Defense Evasion

Hide Artifacts

Hidden Files and Directories

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Tasks

static1

behavioral1

asyncratdefaultdefense_evasionpyinstallerrat

© 2018-2024

Terms | Privacy