asyncrat | ee6aa50f61c71ad0a85d0c60e8cec35c45b949da9e173d79cdcb9c7586ac4e12 | Triage

Sharing

General

Target

Invoice ID-(679789789).vbs
Size

790KB
Sample

210117-hh5pjvm7n2
MD5

f02bd913e532f0ce5cc24adc82f8d0b3
SHA1

49fb5baaa600a5208ba80e18bf89142c3f20b4ab
SHA256

ee6aa50f61c71ad0a85d0c60e8cec35c45b949da9e173d79cdcb9c7586ac4e12
SHA512

64537b7b8b0fb21f41727c99bf6c8da7edc1f4a161a3d11da726c7e2f5b1cb653827ae6c2eba3dbe4ce2a618f839972c36e0cfc915f012b42b5d6d3d75ad3ea6

Score

10^/10

asyncrat rat

Malware Config

Extracted

Family

asyncrat

Version

0.5.7B

C2

ahmed21018.linkpc.net:6666

Mutex

AsyncMutex_6SI8OkPnk

Attributes

aes_key
HfV4Y9fCgIsC3FKVpoDmniTLvXYcA64a
anti_detection
false
autorun
true
bdos
false
delay
Default
host
ahmed21018.linkpc.net
hwid
3
install_file
install_folder
%AppData%
mutex
AsyncMutex_6SI8OkPnk
pastebin_config
null
port
6666
version
0.5.7B

aes.plain

Targets

- Target
  
  Invoice ID-(679789789).vbs
- Size
  
  790KB
- MD5
  
  f02bd913e532f0ce5cc24adc82f8d0b3
- SHA1
  
  49fb5baaa600a5208ba80e18bf89142c3f20b4ab
- SHA256
  
  ee6aa50f61c71ad0a85d0c60e8cec35c45b949da9e173d79cdcb9c7586ac4e12
- SHA512
  
  64537b7b8b0fb21f41727c99bf6c8da7edc1f4a161a3d11da726c7e2f5b1cb653827ae6c2eba3dbe4ce2a618f839972c36e0cfc915f012b42b5d6d3d75ad3ea6
Score

10^/10

asyncrat rat
- AsyncRat
  AsyncRAT is designed to remotely monitor and control other computers.
  rat asyncrat
- Async RAT payload
  rat
- Executes dropped EXE
- Loads dropped DLL
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Scheduled Task

Persistence

Scheduled Task

Privilege Escalation

Scheduled Task

Defense Evasion

Credential Access

Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

behavioral2