asyncrat

General

Target

PO List 030621.pdf.hta
Size

1KB
Sample

210607-a9dwr2h9tj
MD5

c69d7a4fcee29976c69a25ad6a25f627
SHA1

a44c31bce10346f44a6907b3a3092de8bc2b7c24
SHA256

2be3fbee47d3308141e55e0c06bf9e3ae7999ec67572c6038dea38ecd25ca876
SHA512

a4a3c86f43e8f8effe4fa333ec542e919f62b8da1dee21f542b4b857990c112e6296f58e9051fed1d251ffb6852eac45e424481304bb42d6cac46e46b6a29f16

Score

10^/10

Malware Config

Extracted

Language

ps1

Deobfuscated

URLs

exe.dropper

https://ia601500.us.archive.org/3/items/all-2_202106/ALL2.TXT

Extracted

Family

warzonerat

C2

5.206.224.194:3080

Extracted

Family

asyncrat

Version

0.5.7B

C2

14.191.50.101:8080

Mutex

AsyncMutex_6SI8OkPnk

Attributes

aes_key
qyv1ismvAgNTQ98WMOnwHYsv8UB8SL5j
anti_detection
false
autorun
false
bdos
false
delay
Default
host
14.191.50.101
hwid
3
install_file
install_folder
%AppData%
mutex
AsyncMutex_6SI8OkPnk
pastebin_config
null
port
8080
version
0.5.7B

aes.plain

Targets

- Target
  
  PO List 030621.pdf.hta
- Size
  
  1KB
- MD5
  
  c69d7a4fcee29976c69a25ad6a25f627
- SHA1
  
  a44c31bce10346f44a6907b3a3092de8bc2b7c24
- SHA256
  
  2be3fbee47d3308141e55e0c06bf9e3ae7999ec67572c6038dea38ecd25ca876
- SHA512
  
  a4a3c86f43e8f8effe4fa333ec542e919f62b8da1dee21f542b4b857990c112e6296f58e9051fed1d251ffb6852eac45e424481304bb42d6cac46e46b6a29f16
Score

10^/10

asyncrat warzonerat infostealer rat
- AsyncRat
  AsyncRAT is designed to remotely monitor and control other computers.
  rat asyncrat
- WarzoneRat, AveMaria
  WarzoneRat is a native RAT developed in C++ with multiple plugins sold as a MaaS.
  rat infostealer warzonerat
- Async RAT payload
  rat
- Warzone RAT Payload
  rat
- Blocklisted process makes network request
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

1

T1112

Credential Access

Discovery

System Information Discovery

1

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

Sharing

General

Malware Config

Extracted

Extracted

Extracted

Targets

WarzoneRat, AveMaria

Async RAT payload

Warzone RAT Payload

Blocklisted process makes network request

Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v6

Tasks

static1

behavioral1

behavioral2