asyncrat | 55003a7b54c120f1a15f12fb4223a13cf4ac1469a9823f4ee3ba0f6794caefe1 | Triage

Sharing

General

Target

Invoice ID-(684472).vbs
Size

1KB
Sample

210101-1fptb2g8k2
MD5

c05a85cfc2c324d1d07fdb9d4bcddeb0
SHA1

dedbcd22b4ff8b2b2d7ae7a8591f05da0f57a78b
SHA256

55003a7b54c120f1a15f12fb4223a13cf4ac1469a9823f4ee3ba0f6794caefe1
SHA512

205656caee003f18b86a44b14017a6bc515179de931285d2d960054adc9f12c60fd58429b867f01600da476d5bf36c872759afe9ddcc925151e4d19f9cc7c3c3

Score

10^/10

asyncrat rat

Malware Config

Extracted

Language

ps1

Deobfuscated

URLs

ps1.dropper

https://ia601405.us.archive.org/18/items/1_20201225_20201225_1405/1.txt

ps1.dropper

https://ia801506.us.archive.org/32/items/4_20201225/4.txt

Extracted

Family

asyncrat

Version

0.5.7B

C2

clayroot2016.linkpc.net:6666

Mutex

AsyncMutex_6SI8OkPnk

Attributes

aes_key
nNbw756406FgME0njT0oTet2agAzSaJX
anti_detection
false
autorun
false
bdos
false
delay
Default
host
clayroot2016.linkpc.net
hwid
3
install_file
install_folder
%AppData%
mutex
AsyncMutex_6SI8OkPnk
pastebin_config
null
port
6666
version
0.5.7B

aes.plain

Targets

- Target
  
  Invoice ID-(684472).vbs
- Size
  
  1KB
- MD5
  
  c05a85cfc2c324d1d07fdb9d4bcddeb0
- SHA1
  
  dedbcd22b4ff8b2b2d7ae7a8591f05da0f57a78b
- SHA256
  
  55003a7b54c120f1a15f12fb4223a13cf4ac1469a9823f4ee3ba0f6794caefe1
- SHA512
  
  205656caee003f18b86a44b14017a6bc515179de931285d2d960054adc9f12c60fd58429b867f01600da476d5bf36c872759afe9ddcc925151e4d19f9cc7c3c3
Score

10^/10

asyncrat rat
- AsyncRat
  AsyncRAT is designed to remotely monitor and control other computers.
  rat asyncrat
- Async RAT payload
  rat
- Blocklisted process makes network request
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix

Tasks

static1

behavioral1

behavioral2