asyncrat | 1c58b7edbf5afeeccdff1eda0694d86572e7e25df35cadba6d1c6cd11b6384bd | Triage

Sharing

General

Target

invoice-ID711675345593.vbs
Size

317B
Sample

210106-5by88cgkd6
MD5

730f4edff655d002cbf863543d542c10
SHA1

59f1a7fdd6ff3e0a0191af7f6febaeaba1a4ae44
SHA256

1c58b7edbf5afeeccdff1eda0694d86572e7e25df35cadba6d1c6cd11b6384bd
SHA512

b16eefc3b7a188664ceb4385611305564f02585cb75a1ace40d45d49f22bf2c42686c147e09230f1d04658f5d04cfeec9fef9053604737fe3c7597bff0994441

Score

10^/10

asyncrat rat

Malware Config

Extracted

Language

ps1

Deobfuscated

URLs

ps1.dropper

http://nyanxcat.online/Runpe/test/N1/PS.jpg

Extracted

Family

asyncrat

Version

0.5.7B

C2

saico015.linkpc.net:6666

Mutex

AsyncMutex_6SI8OkPnk

Attributes

aes_key
9FovObaHt9uwQBnog9MPOAzupINFTyW8
anti_detection
false
autorun
false
bdos
false
delay
Default
host
saico015.linkpc.net
hwid
3
install_file
install_folder
%AppData%
mutex
AsyncMutex_6SI8OkPnk
pastebin_config
null
port
6666
version
0.5.7B

aes.plain

Targets

- Target
  
  invoice-ID711675345593.vbs
- Size
  
  317B
- MD5
  
  730f4edff655d002cbf863543d542c10
- SHA1
  
  59f1a7fdd6ff3e0a0191af7f6febaeaba1a4ae44
- SHA256
  
  1c58b7edbf5afeeccdff1eda0694d86572e7e25df35cadba6d1c6cd11b6384bd
- SHA512
  
  b16eefc3b7a188664ceb4385611305564f02585cb75a1ace40d45d49f22bf2c42686c147e09230f1d04658f5d04cfeec9fef9053604737fe3c7597bff0994441
Score

10^/10

asyncrat rat
- AsyncRat
  AsyncRAT is designed to remotely monitor and control other computers.
  rat asyncrat
- Async RAT payload
  rat
- Blocklisted process makes network request
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

behavioral2