asyncrat | a412a3bdf6e8891fa60734b53430db5d0ac8dce28a764fd013dd767614790c45 | Triage

Sharing

General

Target

invoice-ID3626307348012.vbs
Size

324B
Sample

210107-6gfete95d6
MD5

50f7355426061a1952f878e61e072d5e
SHA1

90156383d18b6851298d1c68f0cca24f6c7375fe
SHA256

a412a3bdf6e8891fa60734b53430db5d0ac8dce28a764fd013dd767614790c45
SHA512

959e8b1cc6eb2e4cf8670567f60aa496ae5af2920b40d8fa9e0705058f57e2e4a8dac029af55514c9a20d5fad4fdd951d676dcaecd33795964dee3ff0a3a5d06

Score

10^/10

asyncrat rat

Malware Config

Extracted

Language

ps1

Deobfuscated

URLs

ps1.dropper

https://www.minpic.de/k/bfqj/2ipze/

Extracted

Family

asyncrat

Version

0.5.7B

C2

saico015.linkpc.net:6666

Mutex

AsyncMutex_6SI8OkPnk

Attributes

aes_key
9FovObaHt9uwQBnog9MPOAzupINFTyW8
anti_detection
false
autorun
false
bdos
false
delay
Default
host
saico015.linkpc.net
hwid
3
install_file
install_folder
%AppData%
mutex
AsyncMutex_6SI8OkPnk
pastebin_config
null
port
6666
version
0.5.7B

aes.plain

Targets

- Target
  
  invoice-ID3626307348012.vbs
- Size
  
  324B
- MD5
  
  50f7355426061a1952f878e61e072d5e
- SHA1
  
  90156383d18b6851298d1c68f0cca24f6c7375fe
- SHA256
  
  a412a3bdf6e8891fa60734b53430db5d0ac8dce28a764fd013dd767614790c45
- SHA512
  
  959e8b1cc6eb2e4cf8670567f60aa496ae5af2920b40d8fa9e0705058f57e2e4a8dac029af55514c9a20d5fad4fdd951d676dcaecd33795964dee3ff0a3a5d06
Score

10^/10

asyncrat rat
- AsyncRat
  AsyncRAT is designed to remotely monitor and control other computers.
  rat asyncrat
- Async RAT payload
  rat
- Blocklisted process makes network request
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

behavioral2