asyncrat | 695c7c580690a30a5454ab156ad21d44da887098ad00b2cfff3b9b11e80b4c6d | Triage

Sharing

General

Target

Invoice-ID43739424297.vbs
Size

305B
Sample

210113-wdj6tqwq56
MD5

e78c88623c207166afa977ddb0afefc4
SHA1

ad5bc3c62e12ca88fc6bd8e51001156e379433fb
SHA256

695c7c580690a30a5454ab156ad21d44da887098ad00b2cfff3b9b11e80b4c6d
SHA512

9e13dfb091903e31d3ff535c17f0952e6445252f12101c777e31a590bae626833259de999bf5d621de4c0270a0a036bab6db84d1fa72dd0b727253a2c88046c2

Score

10^/10

asyncrat rat

Malware Config

Extracted

Language

ps1

Deobfuscated

URLs

ps1.dropper

https://www.minpic.de/k/bgnt/ce637

Extracted

Family

asyncrat

Version

0.5.7B

C2

fat7e07.ddns.net:1177

Mutex

AsyncMutex_6SI8OkPnk

Attributes

aes_key
xl0t83bchaksRVJ46pFw5phLXuET6ukd
anti_detection
false
autorun
false
bdos
false
delay
Default
host
fat7e07.ddns.net
hwid
3
install_file
install_folder
%AppData%
mutex
AsyncMutex_6SI8OkPnk
pastebin_config
null
port
1177
version
0.5.7B

aes.plain

Targets

- Target
  
  Invoice-ID43739424297.vbs
- Size
  
  305B
- MD5
  
  e78c88623c207166afa977ddb0afefc4
- SHA1
  
  ad5bc3c62e12ca88fc6bd8e51001156e379433fb
- SHA256
  
  695c7c580690a30a5454ab156ad21d44da887098ad00b2cfff3b9b11e80b4c6d
- SHA512
  
  9e13dfb091903e31d3ff535c17f0952e6445252f12101c777e31a590bae626833259de999bf5d621de4c0270a0a036bab6db84d1fa72dd0b727253a2c88046c2
Score

10^/10

asyncrat rat
- AsyncRat
  AsyncRAT is designed to remotely monitor and control other computers.
  rat asyncrat
- Async RAT payload
  rat
- Blocklisted process makes network request
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

behavioral2