asyncrat | 4622e0560aaa02a43009773a1c42f8017cae6b63f0f7950b358c22d46c757e1c | Triage

Sharing

General

Target

invoice954423.vbs
Size

236B
Sample

210427-haqmmp98zn
MD5

755e0f945656b708f911ff7438ee3dda
SHA1

147e7d2fad41deea7b15801a815dd80c340ae9b2
SHA256

4622e0560aaa02a43009773a1c42f8017cae6b63f0f7950b358c22d46c757e1c
SHA512

3d6c7eab9ac8ecd9fc4b8ce2f22026444500c4fc6327c674e5298a0eb3ea23ac7e9b173c67cb4fa67ce223e2dfbd0f7b338e60d5d00320ebaf6ba969d2b5d00f

Score

10^/10

asyncrat rat

Malware Config

Extracted

Family

asyncrat

Version

0.5.7B

C2

bad96.ddns.net:1996

Mutex

AsyncMutex_6SI8OkPnk

Attributes

aes_key
wV8wYBZRpKZKwS4P6oMapiOlrel4uoXW
anti_detection
false
autorun
false
bdos
false
delay
Default
host
bad96.ddns.net
hwid
3
install_file
install_folder
%AppData%
mutex
AsyncMutex_6SI8OkPnk
pastebin_config
null
port
1996
version
0.5.7B

aes.plain

Targets

- Target
  
  invoice954423.vbs
- Size
  
  236B
- MD5
  
  755e0f945656b708f911ff7438ee3dda
- SHA1
  
  147e7d2fad41deea7b15801a815dd80c340ae9b2
- SHA256
  
  4622e0560aaa02a43009773a1c42f8017cae6b63f0f7950b358c22d46c757e1c
- SHA512
  
  3d6c7eab9ac8ecd9fc4b8ce2f22026444500c4fc6327c674e5298a0eb3ea23ac7e9b173c67cb4fa67ce223e2dfbd0f7b338e60d5d00320ebaf6ba969d2b5d00f
Score

10^/10

asyncrat rat
- AsyncRat
  AsyncRAT is designed to remotely monitor and control other computers.
  rat asyncrat
- Async RAT payload
  rat
- Blocklisted process makes network request
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

Install Root Certificate

Credential Access

Discovery

System Information Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

behavioral2